CVE-2017-20267

HIGH NVD

CVSS Score 8.2

Severity HIGH

Published Jun 19, 2026

Vendor unknown

Description

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.

References

http://joomlathat.com/
https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/
https://www.exploit-db.com/exploits/42501
https://www.vulncheck.com/advisories/joomla-component-calendar-planner-sql-injection