Impact
The Joomla Component JoomRecipe 1.0.3 contains a SQL injection vulnerability that allows attackers to inject arbitrary SQL statements through a specially crafted category parameter in GET requests to the all-recipes endpoint. Because the component accepts the category value directly in a database query without proper sanitisation, an unauthenticated attacker can read or modify any table in the Joomla database, potentially exposing user credentials, site content, or other sensitive data.
Affected Systems
The affected product is the Joomboost JoomRecipe component for Joomla CMS, version 1.0.3. The component is used on Joomla sites that manage cooking or recipe data. Any website that has installed this add-on as provided by Joomboost is vulnerable when the all‑recipes endpoint is enabled.
Risk and Exploitability
With a CVSS base score of 8.8 the flaw is considered high severity. The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating no known public exploits at this time. Nevertheless, the attack vector is remote and unauthenticated, relying only on the ability to send a crafted HTTP GET request. If successfully exploited the attacker could gain read or write access to the Joomla database, compromising the confidentiality, integrity, and availability of the site.
OpenCVE Enrichment