CVE-2017-20280

HIGH

Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20280. PoCs published by Persian Hack Team.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in Joomla Component Myportfolio 3.0.2 via the 'pid' parameter. The provided URL shows how an attacker can inject malicious SQL queries to manipulate the database.

Description

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid endpoint to extract sensitive database information.

Exploits (1)

exploitdb · WORKING POC
by Persian Hack Team · text · webapps · php
https://www.exploit-db.com/exploits/41930

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Joomla Component Myportfolio 3.0.2
No auth needed
Prerequisites: Joomla with Myportfolio 3.0.2 installed · Access to the vulnerable endpoint
devstral-2 · analyzed Jun 19, 2026

References (2)

Core References (2)
Exploit: ExploitDB-41930
https://www.exploit-db.com/exploits/41930
Third Party Advisory: VulnCheck Advisory: Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter
https://www.vulncheck.com/advisories/joomla-component-myportfolio-sql-injection-via-pid-parameter

Scores

CVSS v3 8.2
EPSS 0.0024
EPSS Percentile 14.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
Myportfolio/Myportfolio 3.0.2
Published Jun 19, 2026
Tracked Since Jun 19, 2026