CVE-2017-20260

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published Jun 19, 2026

Vendor unknown

Description

Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.

References

https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/price-alert/
https://www.exploit-db.com/exploits/42553
https://www.vulncheck.com/advisories/joomla-component-price-alert-sql-injection
https://www.weborange.eu/