CVE-2017-20276 | Joomla! Component SIMGenealogy 2.1.5 contains an SQL injecti… | CVSS 8.2 HIGH

Description

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information.

Metadata

CVE ID: CVE-2017-20276
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 15:08 UTC
Published: 2026-06-19 16:38 UTC
Last updated: 2026-06-19 16:38 UTC
Primary CWE: CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product: Simbunch / SIMGenealogy
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Simbunch	SIMGenealogy	—	2.1.5

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (2)

ExploitDB-42413 https://www.exploit-db.com/exploits/42413
VulnCheck Advisory: Joomla! Component SIMGenealogy 2.1.5 SQL Injection https://www.vulncheck.com/advisories/joomla-component-simgenealogy-sql-injection