CVE-2017-20255

HIGH

Joomla! Component JB Visa 1.0 SQL Injection via visatype

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20255. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Joomla! Component JB Visa 1.0 via the 'visatype' parameter. The provided payload extracts database information using a time-based blind SQL injection technique.

Description

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/43350

The exploit demonstrates a SQL injection vulnerability in Joomla! Component JB Visa 1.0 via the 'visatype' parameter. The provided payload extracts database information using a time-based blind SQL injection technique.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla! Component JB Visa 1.0
No auth needed
Prerequisites: access to the vulnerable endpoint
devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit
ExploitDB-43350
https://www.exploit-db.com/exploits/43350
Product product
Official Product Homepage
http://joombooking.com/
Third Party Advisory third-party-advisory
VulnCheck Advisory: Joomla! Component JB Visa 1.0 SQL Injection via visatype
https://www.vulncheck.com/advisories/joomla-component-jb-visa-sql-injection-via-visatype

Scores

CVSS v3 8.2
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Joombooking/JB Visa 1.0
Published Jun 19, 2026
Tracked Since Jun 19, 2026