PT-2026-50997 · Joomboost · Joomcrm
Ihsan Sencan
·
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2019-25761
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal id parameter. Attackers can send GET requests to index.php with option=com joomcrm&view=contacts and inject SQL code in the deal id parameter to extract sensitive database information including table names and schemas.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Joomcrm