Description
Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
Published: 2026-06-19
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Joomla! Component Twitch Tv 1.1 is vulnerable to SQL injection that allows attackers to run arbitrary SQL statements by injecting code into the username and id parameters of the component. The flaw can be exploited by unauthenticated users via crafted GET requests to index.php, enabling the extraction of sensitive database contents such as credentials and system configuration data, thereby compromising confidentiality and potentially aiding further attacks.

Affected Systems

The vulnerability is limited to the Raindropsinfotech Twitch Tv component, version 1.1. Per the vendor information, no other Joomla! components or versions are affected.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity level, and the lack of an EPSS score suggests no current exploitation data is available. The component is not listed in CISA KEV. Attackers can trigger the flaw through normal HTTP GET traffic to the component without requiring authentication, so the attack vector is readily reachable over the web.

Generated by OpenCVE AI on June 19, 2026 at 20:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If the vendor releases a patch for Twitch Tv 1.1, apply it to fix the SQL injection issue.
  • If the component cannot be updated, remove it or restrict access to it so it is no longer reachable by unauthenticated users.
  • As a temporary workaround, implement input validation or sanitization on the username and id parameters to prevent SQL injection, and enforce database permissions that limit the data exposed.
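The allow-list validation recommended above can also be run over web server logs to find requests that would have failed it. This is an added example, not code from OpenCVE or the component's vendor; the allowed formats for id and username, the `view=example` value and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allow-lists (not taken from the component's source): id is a short
# decimal number, username is letters, digits and underscores only.
ALLOW = {
    "id": re.compile(r"[0-9]{1,10}"),
    "username": re.compile(r"[A-Za-z0-9_]{1,25}"),
}
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Jun/2026:10:00:01 +0000] "GET /index.php?option=com_twitchtv&view=example&id=7 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [19/Jun/2026:10:00:04 +0000] "GET /index.php?option=com_twitchtv&view=example&username=some_streamer HTTP/1.1" 200 4980',
    '198.51.100.9 - - [19/Jun/2026:10:02:11 +0000] "GET /index.php?option=com_twitchtv&view=example&id=7%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9311',
    '198.51.100.9 - - [19/Jun/2026:10:02:15 +0000] "GET /index.php?option=com_content&view=article&id=7%27 HTTP/1.1" 404 312',
    '198.51.100.9 - - [19/Jun/2026:10:02:19 +0000] "GET /index.php?option=com_twitchtv&view=example&username=a%27--+ HTTP/1.1" 500 87',
]

def check_request(target):
    """Return the (param, value) pairs that fail the allow-list, or None
    when the request is not addressed to com_twitchtv."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_twitchtv" not in query.get("option", []):
        return None
    # parse_qs percent-decodes values and keeps every repeated parameter,
    # so a duplicated id or username is checked too.
    return [(name, value)
            for name, pattern in ALLOW.items()
            for value in query.get(name, [])
            if not pattern.fullmatch(value)]

def audit(lines):
    """Return (line_number, failures) for each com_twitchtv request whose
    id or username falls outside the allow-list."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        failures = check_request(match.group(1)) if match else None
        if failures:
            findings.append((number, failures))
    return findings

if __name__ == "__main__":
    for number, failures in audit(SAMPLE_LOG):
        print(f"line {number}: rejected parameters {failures}")
```

The same two patterns can back a request filter in front of the component; rejecting on mismatch is a stopgap and does not replace fixing the query itself.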

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
Title | | Joomla! Component Twitch Tv 1.1 SQL Injection
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T16:17:56.011Z

Reserved: 2026-06-19T15:06:42.846Z

Link: CVE-2017-20270

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T20:15:02Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')