Description
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.
Published: 2026-06-19
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Joomla! Component vBizz 1.0.7 is vulnerable to SQL injection, allowing authenticated attackers to inject malicious code into the payid parameter via POST requests to the employee management interface. This flaw enables execution of arbitrary SQL queries against the underlying database, potentially revealing sensitive information such as database names, versions, and data stored within. Because the injection is not limited to read-only operations, attackers may also modify or delete data, leading to data integrity and confidentiality compromise.

Affected Systems

The affected product is the vBizz component for Joomla, version 1.0.7, distributed by Wdmtech. Joomla sites running this component and allowing authenticated users to access the employee management interface are at risk.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity, reflecting the potential impact of data compromise. No EPSS score is available, so the current exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through the web interface, and requires that the attacker be authenticated and have access to the employee management page.

Generated by OpenCVE AI on June 19, 2026 at 19:35 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the vBizz component to the latest version that contains the SQL injection fix.
  • If an upgrade is not immediately possible, restrict access to the employee management interface to a minimal set of trusted administrators or disable it for all other accounts.
  • Deploy a web application firewall or create security rules that detect and block suspicious SQL injection payloads targeting the payid parameter, providing temporary protection until a patch is applied.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.
Title | | Joomla! Component vBizz 1.0.7 SQL Injection
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}; cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-19T17:38:39.694Z

Reserved: 2026-06-19T14:31:39.773Z

Link: CVE-2019-25759

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T19:45:03Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')