Description
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.
Published: 2026-06-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection flaw that lets unauthenticated attackers inject malicious code through the id parameter in index.php. The flaw enables the execution of arbitrary SQL queries, allowing attackers to read database tables, retrieve column names, and obtain sensitive database information, leading to a data breach.

Affected Systems

The affected product is the PHP-Bridge component by Henryschorradt, version 1.2.3.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can send unauthenticated GET requests to the publicly accessible Joomla installation, so the likely attack vector is remote, network-based exploitation via the web interface.

Generated by OpenCVE AI on June 19, 2026 at 21:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PHP-Bridge component to the latest stable release that contains the fix for CVE-2017-20275
  • If an update is not available, remove or disable the PHP-Bridge component from the Joomla installation
  • Deploy a Web Application Firewall (WAF) or SQL injection detector to block malicious queries targeting the id parameter and monitor logs for suspicious activity

Generated by OpenCVE AI on June 19, 2026 at 21:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Henryschorradt
Henryschorradt bridge
Vendors & Products Henryschorradt
Henryschorradt bridge

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.
Title Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Henryschorradt Bridge
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T16:55:44.708Z

Reserved: 2026-06-19T15:08:45.656Z

Link: CVE-2017-20275

cve-icon Vulnrichment

Updated: 2026-06-22T16:55:39.472Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:35:16Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')