Description
Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
Published: 2026-06-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Joomla! Component Twitch Tv 1.1 is vulnerable to SQL injection that allows attackers to run arbitrary SQL statements by injecting code into the username and id parameters of the component. The flaw can be exploited by unauthenticated users via crafted GET requests to index.php, enabling the extraction of sensitive database contents such as credentials and system configuration data, thereby compromising confidentiality and potentially aiding further attacks.

Affected Systems

The vulnerability limits to the Raindropsinfotech Twitch Tv component, version 1.1. No other Joomla! components or versions are affected as per the vendor information.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity level, and the lack of an EPSS score suggests no current exploitation data is available. The component is not listed in CISA KEV. Attackers can trigger the flaw through normal HTTP GET traffic to the component without requiring authentication, so the attack vector is readily reachable over the web.

Generated by OpenCVE AI on June 19, 2026 at 20:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-supplied patch for Twitch Tv 1.1 to fix the SQL injection issue.
  • If the component cannot be updated, remove it or restrict access to it so it is no longer reachable by unauthenticated users.
  • As a temporary workaround, implement input validation or sanitization on the username and id parameters to prevent SQL injection, and enforce database permissions that limit the data exposed.

Generated by OpenCVE AI on June 19, 2026 at 20:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Raindropsinfotech
Raindropsinfotech twitch Tv
Vendors & Products Raindropsinfotech
Raindropsinfotech twitch Tv

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
Title Joomla! Component Twitch Tv 1.1 SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Raindropsinfotech Twitch Tv
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T17:14:07.498Z

Reserved: 2026-06-19T15:06:42.846Z

Link: CVE-2017-20270

cve-icon Vulnrichment

Updated: 2026-06-22T16:55:46.195Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:35:23Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')