CVE-2018-25197
HIGH
8.2
Our Analysis: esv
Our model has classified this vulnerability as relevant to esv Systems, helping your team prioritize efforts effectively.
Published Date
March 6, 2026
Last Modified
March 6, 2026
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Description
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details.