Visforms Base Package for Joomla!, 3rd party extension, SQL Injection

  • Project: Visforms für Joomla 3
  • Extension: com_visforms
  • Impact: Critical
  • Severity: High
  • Probability: Unknown
  • Versions: 3.8.0 - 3.14.10
  • Exploit type: SQL Injection
  • Reported Date: 2023-04-16
  • Fixed Date: 2023-04-19
  • CVE Number: CVE-2023-23753

Description

Improper use of the input filter allows SQL injection.

Affected Installs

  • com_visforms versions 3.8.0 - 3.14.10.
  • Visforms Base Package 3.0.0 - 3.0.4 (Since version 3.14.6 com_visforms is part of the Visforms Base Package)

Solution

Upgrade to Visforms Base Package 3.0.5