Impact
This vulnerability is an SQL injection flaw in the pid parameter of the Joomla component Myportfolio. Unauthenticated attackers can inject arbitrary SQL into the query executed by the task=project&view=grid endpoint, allowing extraction of sensitive database contents and potentially more advanced exploitation if combined with other weaknesses. The weakness is classified as CWE-89.
Affected Systems
The affected product is Myportfolio for Joomla, version 3.0.2. Administrators using this component must confirm whether this exact version is deployed and vulnerable.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity. Although no EPSS score is available, the presence of a public exploit means attackers can target the flaw remotely by sending a crafted GET request to index.php with malicious pid values. The vulnerability is not listed in the CISA KEV catalog, but its high CVSS and publicly available exploit code imply a realistic exploitation probability. Proper database privilege limits and input validation are key mitigations.
OpenCVE Enrichment