These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2019-25752 is a HIGH-severity SQL injection vulnerability in Joomla! Component J-BusinessDirectory version 4.9.7. Unaffected users face questions on defender exposure through potential malicious code execution. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the type parameter in GET requests to index.php. Priority posture is HIGH due to the CVSS score of 8.8.
CVE-2019-25751 is a high-severity SQL injection vulnerability in Joomla Component J-ClassifiedsManager 3.0.5. Unaffected attackers can inject malicious SQL code through POST parameters, allowing for arbitrary SQL query execution. The vulnerability affects the displayads component, specifically the categorySearch, adType, and citySearch parameters. This CVE has a CVSS score of 8.8, indicating a high level [truncated]
CVE-2019-25749 is an SQL injection vulnerability in Joomla J-CruisePortal 6.0.4. Authenticated attackers can execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter in POST requests to the cruises endpoint. This vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. The affected product and scope are Joomla J-CruisePortal 6.0.4. Defenders should asses [truncated]
CVE-2019-25748 is a high-severity SQL injection vulnerability in Joomla JHotelReservation 6.0.7. Unaffected product versions and vendors are unknown. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter in POST requests to the search-hotels endpoint. This could lead to extraction of sensitive database information, inclu [truncated]