Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.
Metrics
Affected Vendors & Products
References
History
Mon, 22 Jun 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 21 Jun 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Joomlaboat
Joomlaboat extra Search |
|
| Vendors & Products |
Joomlaboat
Joomlaboat extra Search |
Fri, 19 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information. | |
| Title | Joomla! Component Extra Search 2.2.8 SQL Injection | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-19T16:54:56.105Z
Updated: 2026-06-22T16:58:22.418Z
Reserved: 2026-06-19T15:10:59.951Z
Link: CVE-2017-20281
Updated: 2026-06-22T16:58:18.490Z
No data.
No data.