Description
Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.
Published: 2026-06-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw in the cp_id parameter of the learningpath layout of King LMS King Professional 3.2.4.0. Attackers who can send HTTP GET requests can inject SQL code that is executed directly against the underlying database. The result is the ability to read arbitrary tables, including those containing user credentials or other sensitive data. The flaw is unauthenticated, meaning it does not require an established session or privileged user account to be exploited. The weakness corresponds to CWE‑89.

Affected Systems

King LMS King Professional version 3.2.4.0. The software is distributed by King-products under the title LMS King Professional, and the vulnerability exists only in that version. No other versions were enumerated, so only installations running 3.2.4.0 are impacted.

Risk and Exploitability

The CVSS score of 8.8 places the flaw in the high severity range, and the lack of an authentication requirement means the attack can be carried out over the Internet by any user with network access to the web forum. The EPSS score is not available, but the public exploitation references—including an Exploit‑DB entry—indicate that attackers have already demonstrated practical exploits. Because the vulnerability is in a database‑access layer, the primary risk is confidentiality breach, with potential lateral movement if the extracted data includes system credentials. The vulnerability is not listed in the CISA KEV catalog, so it may not yet be widely known within supply‑chain risk frameworks.

Generated by OpenCVE AI on June 19, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update or patch LMS King Professional to a version that eliminates the cp_id SQL injection flaw, or apply any vendor‑issued security update that addresses the vulnerability.
  • Block or restrict HTTP requests containing the vulnerable query parameters by enforcing authentication requirements on the option=com_lmsking, view=lmsking, layout=learningpath, or by configuring the web server to deny unauthenticated access to the affected endpoints.
  • Implement proper input validation and use parameterized queries for the cp_id parameter to prevent injection, as suggested for CWE‑89 mitigation.

Generated by OpenCVE AI on June 19, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared King-products
King-products lms King Professional
Vendors & Products King-products
King-products lms King Professional

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.
Title Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

King-products Lms King Professional
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T02:14:36.632Z

Reserved: 2026-06-19T15:08:12.886Z

Link: CVE-2017-20274

cve-icon Vulnrichment

Updated: 2026-06-23T02:14:31.563Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:35:17Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')