CVE-2017-20270 | Joomla! Component Twitch Tv 1.1 contains an SQL injection vu… | CVSS 8.2 HIGH

Description

Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with option=com_twitchtv and view parameters containing SQL injection payloads to extract sensitive database information including credentials and configuration data.

Metadata

CVE ID: CVE-2017-20270
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 15:06 UTC
Published: 2026-06-19 16:17 UTC
Last updated: 2026-06-19 16:17 UTC
Primary CWE: CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product: Raindropsinfotech / Twitch Tv
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Raindropsinfotech	Twitch Tv	—	1.1

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (4)

ExploitDB-42493 https://www.exploit-db.com/exploits/42493
Official Product Homepage http://www.raindropsinfotech.com/
Product Reference https://extensions.joomla.org/extensions/extension/sports-a-games/game-servers/twitch-tv-component/
VulnCheck Advisory: Joomla! Component Twitch Tv 1.1 SQL Injection https://www.vulncheck.com/advisories/joomla-component-twitch-tv-sql-injection