Impact
The vulnerability resides in the Extra Search component for Joomla, specifically in version 2.2. through the establename parameter of an HTTP GET request. By exploiting this input flaw, the attacker is able to manipulate database queries to retrieve sensitive information. The weakness is a classic input validation error, classed as CWE-89, which directly compromises data confidentiality.
Affected Systems
The affected software is the Extra Search component distributed by Joomlaboat. Only version 2.2.8 is reported to be vulnerable, and no other compilation or distribution versions are indicated.
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity of the vulnerability. Exploit probability data is not available, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is remote, requiring only a crafted HTTP GET request; the attacker does not need authentication or elevated privileges. This enables straightforward exploitation by anyone able to send requests to the target Joomla site, potentially exposing confidential database content.
OpenCVE Enrichment