PatchSiren

PatchSiren cyber security CVE debrief

CVE-2019-25752 Cmsjunkie CVE debrief

CVE-2019-25752 is a HIGH-severity SQL injection vulnerability in Joomla! Component J-BusinessDirectory version 4.9.7. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the type parameter in GET requests to index.php, so sites running the affected version are exposed to execution of attacker-supplied SQL. Priority posture is HIGH due to the CVSS score of 8.8.

Vendor: Cmsjunkie
Product: J-BusinessDirectory
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-19
Original CVE updated: 2026-06-22
Advisory published: 2026-06-19
Advisory updated: 2026-06-22

Who should care

Administrators and users of Joomla! Component J-BusinessDirectory version 4.9.7 should review and apply patches or mitigations. Security teams should assess exposure and prioritize remediation based on the HIGH CVSS score and potential for arbitrary SQL query execution.

Technical summary

The vulnerability exists in Joomla! Component J-BusinessDirectory version 4.9.7. An unauthenticated attacker can inject malicious SQL code through the type parameter in GET requests to index.php that carry the parameters option=com_jbusinessdirectory and task=categories.getCategories. This allows execution of arbitrary SQL queries, potentially leading to extraction of database information, including schema names and sensitive data.

Defensive priority

High priority due to CVSS score of 8.8 and potential for arbitrary SQL query execution.

Recommended defensive actions

  • Review official advisories and documentation for J-BusinessDirectory component
  • Inventory Joomla! installations for J-BusinessDirectory component version 4.9.7
  • Apply patches or updates provided by the vendor
  • Implement compensating controls to limit exposure
  • Monitor for suspicious activity and track exceptions
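
For the monitoring action, an added example (not code from the vendor or from the CVE record) that scans web access logs for GET requests to the affected task whose type value falls outside an allow-list. It assumes Combined Log Format and assumes legitimate type values are short integers, which the advisory does not state; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: client IP first, then "GET <target> HTTP/x.y" <status>
REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: legitimate `type` values are short integers; tune for your site.
BENIGN_TYPE = re.compile(r"\d{1,4}")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_type(target):
    """Return the decoded out-of-allow-list `type` for the affected task, else None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    option = params.get("option", [""])[-1].lower()
    task = params.get("task", [""])[-1].lower()
    if not parts.path.lower().endswith("index.php"):
        return None
    if (option, task) != ("com_jbusinessdirectory", "categories.getcategories"):
        return None
    for raw in params.get("type", []):  # parse_qs has already decoded once
        value = fully_decode(raw)
        if not BENIGN_TYPE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, status, decoded_type) for each flagged log line."""
    hits = []
    for m in filter(None, map(REQUEST_RE.match, lines)):
        hit = suspicious_type(m.group(2))
        if hit is not None:
            hits.append((m.group(1), m.group(3), hit))
    return hits

# Constructed sample lines (documentation IP ranges), not captured traffic.
BASE = "/index.php?option=com_jbusinessdirectory&task=categories.getCategories"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET {BASE}&type=1 HTTP/1.1" 200 512',
    f'198.51.100.9 - - [01/Jan/2025:10:00:05 +0000] "GET {BASE}&type=1%27 HTTP/1.1" 200 640',
    f'198.51.100.9 - - [01/Jan/2025:10:00:06 +0000] "GET {BASE}&type=1%2527 HTTP/1.1" 500 120',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?option=com_content&type=abc HTTP/1.1" 200 900',
]
```

Calling scan(SAMPLE_LOG) flags the second and third lines only; a flagged request paired with a 5xx status is worth correlating with database error logs.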

Evidence notes

Primary evidence comes from the CVE-2019-25752 record and NVD details. Because the evidence is limited, it should be verified against official Joomla! and J-BusinessDirectory sources. The affected product and scope is Joomla! Component J-BusinessDirectory version 4.9.7. Defenders should verify patch availability and applicability.

This article is AI-assisted and based on the supplied source corpus.