Impact
The vulnerability is a classic SQL injection flaw (CWE‑89) in the Joomla! component My Projects 2.0. It permits users to inject malicious SQL statements through the VerAyari parameter, enabling the execution of arbitrary queries against the database. Successful exploitation can result in the disclosure of user credentials, administrative data, or other system information stored in the database, thereby compromising confidentiality and potentially enabling further compromise of the Joomla! installation.
Affected Systems
The affected product is the Joomla! component My Projects 2.0 from Gegabyte. The component is distributed through the Joomla! extension directory. The description does not list specific version ranges other than the 2.0 release, so all installations of this component should be reviewed.
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity attack that can be performed without authentication and from a remote web request. The EPSS score is not available, but the high CVSS combined with the lack of protective controls suggests a significant risk. The vulnerability is not listed in the CISA KEV catalog, which does not mean it is safe, only that it has not been documented as a widely exploited flaw. Attackers can reach the vulnerable parameter through a standard HTTP request to the component endpoint. Once reached, the injection can be used to extract the database contents or modify data, depending on the privileges of the database account used by the component.
OpenCVE Enrichment