Impact
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection flaw that lets unauthenticated attackers inject malicious code through the id parameter in index.php. The flaw enables the execution of arbitrary SQL queries, allowing attackers to read database tables, retrieve column names, and obtain sensitive database information, leading to a data breach.
Affected Systems
The affected product is the PHP-Bridge component by Henryschorradt, version 1.2.3.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can send unauthenticated GET requests to the publicly accessible Joomla installation, so the likely attack vector is remote, network-based exploitation via the web interface.
OpenCVE Enrichment