Description
Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information.
Published: 2026-06-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated SQL injection flaw exists in Joomla! Component SIMGenealogy version 2.1.5. By sending a crafted GET request to index.php with the parameters option=com_simgenealogy, view=latest and injecting malicious SQL into the type field, an attacker can alter or extract data from the database without authentication. The flaw is classified as CWE-89 and enables attackers to compromise the confidentiality and potentially the integrity of stored information.

Affected Systems

The vulnerability affects the Simbunch SIMGenealogy component for Joomla!, specifically version 2.1.5. No other vendors or product versions are mentioned as impacted.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity. EPSS information is not available, so the likelihood of exploitation is uncertain, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by issuing unsanitized HTTP GET requests to the publicly accessible component endpoint, presenting a significant risk if the component remains exposed.

Generated by OpenCVE AI on June 19, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the SIMGenealogy component to the latest patched release that eliminates the injection flaw.
  • If an update cannot be applied immediately, disable or remove the component from the Joomla! installation to eliminate the vulnerable entry point.
  • Implement web application firewall rules to block suspicious requests targeting the index.php endpoint with option=com_simgenealogy and view=latest, or restrict access to that component to authenticated admin users.

Generated by OpenCVE AI on June 19, 2026 at 20:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Simbunch
Simbunch simgenealogy
Vendors & Products Simbunch
Simbunch simgenealogy

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information.
Title Joomla! Component SIMGenealogy 2.1.5 SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Simbunch Simgenealogy
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T17:13:51.512Z

Reserved: 2026-06-19T15:08:55.220Z

Link: CVE-2017-20276

cve-icon Vulnrichment

Updated: 2026-06-22T16:57:48.569Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:35:14Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')