Impact
An unauthenticated SQL injection flaw exists in Joomla! Component SIMGenealogy version 2.1.5. By sending a crafted GET request to index.php with the parameters option=com_simgenealogy, view=latest and injecting malicious SQL into the type field, an attacker can alter or extract data from the database without authentication. The flaw is classified as CWE-89 and enables attackers to compromise the confidentiality and potentially the integrity of stored information.
Affected Systems
The vulnerability affects the Simbunch SIMGenealogy component for Joomla!, specifically version 2.1.5. No other vendors or product versions are mentioned as impacted.
Risk and Exploitability
The CVSS score is 8.8, indicating high severity. EPSS information is not available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by issuing unsanitized HTTP GET requests to the publicly accessible component endpoint, presenting a significant risk if the component remains exposed.
OpenCVE Enrichment