PT-2025-40515 · Joomla · Mod Vvisit Counter
Published
2025-10-03
·
Updated
2025-10-03
·
CVE-2025-40636
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Joomla module mod vvisit counter version 2.0.4j3
Description
A SQL injection issue exists in the mod vvisit counter module. An attacker can retrieve database content through the
cip vvisitcounter cookie at any endpoint where the plugin tracks visits. The vulnerability requires no authentication.Recommendations
Update Joomla module mod vvisit counter to a newer version that contains a fix for this vulnerability.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mod Vvisit Counter