CVE-2017-20269

EUVD-2017-18996
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
http://terrywcarter.com/
https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/
https://www.exploit-db.com/exploits/42494
https://www.vulncheck.com/advisories/joomla-component-kissgallery-sql-injection