PT-2026-50937 · Undefined · Undefined
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2017-20260
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product id parameter to extract sensitive database information including credentials and configuration data.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Undefined