CVE-2017-20279

HIGH

Joomla Payage 2.05 SQL Injection via aid Parameter

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20279. PoCs published by Persian Hack Team.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Joomla Payage 2.05 via the 'aid' parameter in a GET request. It includes payloads for boolean-based and time-based blind SQL injection, confirming the vulnerability's exploitability.

Description

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.

Exploits (1)

exploitdb WORKING POC
by Persian Hack Team · textwebappsphp
https://www.exploit-db.com/exploits/42113

This exploit demonstrates a SQL injection vulnerability in Joomla Payage 2.05 via the 'aid' parameter in a GET request. It includes payloads for boolean-based and time-based blind SQL injection, confirming the vulnerability's exploitability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla Payage 2.05
No auth needed
Prerequisites: Access to the target URL with the vulnerable component installed
devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit
ExploitDB-42113
https://www.exploit-db.com/exploits/42113
Third Party Advisory third-party-advisory
VulnCheck Advisory: Joomla Payage 2.05 SQL Injection via aid Parameter
https://www.vulncheck.com/advisories/joomla-payage-sql-injection-via-aid-parameter

Scores

CVSS v3 8.2
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Extensions/Joomla Payage 2.05
Published Jun 19, 2026
Tracked Since Jun 19, 2026