Impact
Joomla! Component JB Visa 1.0 allows unauthenticated attackers to inject arbitrary SQL through the visatype parameter sent in a GET request to the component’s popup view. This flaw lets an attacker read sensitive database contents, including user credentials, by executing crafted SQL statements. The impact is primarily data exposure and potential credential compromise. The vulnerability is classified as a high‑severity SQL injection (CWE‑89) with a CVSS score of 8.8.
Affected Systems
The affected product is Joombooking’s JB Visa component, version 1.0. No other versions or editions are listed in the defect data.
Risk and Exploitability
The vulnerability requires no authentication and is reachable through a public web request, making it trivial for attackers to target any site that has the component installed. Although the EPSS score is not available, the high CVSS score indicates that exploitation is likely to result in significant damage. The flaw is not currently listed in the CISA KEV catalog, but exploit code exists on exploit‑db, suggesting that the risk to exposed sites is real.
OpenCVE Enrichment