CVE-2017-20279 | Joomla Payage 2.05 contains an SQL injection vulnerability t… | CVSS 8.2 HIGH

Description

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.

Metadata

CVE ID: CVE-2017-20279
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 15:10 UTC
Published: 2026-06-19 16:48 UTC
Last updated: 2026-06-19 16:48 UTC
Primary CWE: CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product: Extensions / Joomla Payage
Sources: cve.org · NVD

Severity & Metrics

8.2 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Extensions	Joomla Payage	—	2.05

Weakness (CWE)

CWE	Source	Description
CWE-89	cna	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.8	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
8.2	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (2)

ExploitDB-42113 https://www.exploit-db.com/exploits/42113
VulnCheck Advisory: Joomla Payage 2.05 SQL Injection via aid Parameter https://www.vulncheck.com/advisories/joomla-payage-sql-injection-via-aid-parameter