CVE-2017-20275 | Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection… | CVSS 8.2 HIGH

Description

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.

Metadata

CVE ID: CVE-2017-20275
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 15:08 UTC
Published: 2026-06-19 16:34 UTC
Last updated: 2026-06-19 16:34 UTC
Primary CWE: CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product: Henryschorradt / Bridge
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Henryschorradt	Bridge	—	1.2.3

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (2)

ExploitDB-42414 https://www.exploit-db.com/exploits/42414
VulnCheck Advisory: Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter https://www.vulncheck.com/advisories/joomla-component-php-bridge-sql-injection-via-id-parameter