CVE-2021-47930

Name of the Vulnerable Software and Affected Versions Balbooa Joomla Forms Builder version 2.0.6

Description An unauthenticated SQL injection exists in the form submission handler, allowing remote attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'com baforms' component containing malicious JSON payloads in the id field parameter to extract sensitive database information. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.