CVE-2023-23753
CRITICALVisforms 3.0.0-3.0.4 - SQL Injection via SQL Query Concatenation
Title source: llmDescription
The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://vi-solutions.de/en/announcements/867-security-announcement-cve-2023-23754
Exploit third-party-advisory
https://blog.asturhackers.es/sql-injection-en-visforms-base-package-for-joomla-3-0-5-cve-2023-23753
Scores
CVSS v3
9.8
EPSS
0.0080
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
vi-solutions/visforms
3.0.0 - 3.0.5
Published
Apr 23, 2023
Tracked Since
Feb 18, 2026