Impact
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information, including version and database names. This results in a breach of confidentiality, as attackers can read data from the underlying database without authentication.
Affected Systems
The StreetGuessr Game component, version 1.1.8, developed by Nordmograph and used within the Joomla content management system, is vulnerable. Only installations that deploy this specific component version are affected.
Risk and Exploitability
The CVSS score of 8.8 classifies this flaw as High severity, with no authentication required. No EPSS score is available and the vulnerability is not listed in CISA KEV. The flaw enables attackers to supply malicious input in the catid parameter of crafted URL requests to index.php, allowing extraction of data from the database.
OpenCVE Enrichment