Balbooa Joomla Forms Builder SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Balbooa Joomla Forms Builder version 2.0.6. This unauthenticated vulnerability resides in the form submission handler, allowing remote attackers to execute arbitrary SQL queries. Exploitation involves sending POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter, potentially leading to the extraction of sensitive database information.
Impact
Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to manipulate the database or extract sensitive information.
Reproduction
To reproduce this vulnerability, send a POST request to the index.php file with the option parameter set to com_baforms. Include a JSON payload in the 'id' field that is crafted to execute arbitrary SQL commands. The request should be sent as multipart form-data.
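The request shape described above (a multipart POST to com_baforms carrying JSON with an 'id' field) can be turned into a check for captured traffic or a filtering proxy. The Python sketch below is an added example, not code from this advisory or from Balbooa. It assumes a legitimate 'id' is always a plain integer, and the form field name `payload`, the JSON layout, and the function names are hypothetical.

```python
import json
import re
from email import message_from_bytes, policy
from urllib.parse import parse_qs, urlsplit

INT_RE = re.compile(r"\d{1,10}")  # assumption: a legitimate 'id' is a plain integer

def bad_ids(node, path="$"):
    """Yield (path, value) for every 'id' key whose scalar value is not an integer."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "id" and not isinstance(val, (dict, list)):
                is_int = isinstance(val, int) and not isinstance(val, bool)
                if not (is_int or (isinstance(val, str) and INT_RE.fullmatch(val))):
                    yield f"{path}.id", val
            else:
                yield from bad_ids(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from bad_ids(item, f"{path}[{i}]")

def inspect_request(method, url, content_type, body):
    """Return (field, json_path, value) findings for a multipart POST to com_baforms."""
    head = b"Content-Type: " + content_type.encode() + b"\r\n\r\n"
    msg = message_from_bytes(head + body, policy=policy.default)
    # iter_parts() yields nothing when the body is not multipart
    fields = [(p.get_param("name", header="content-disposition"), p.get_payload(decode=True))
              for p in msg.iter_parts()]
    # 'option' may arrive in the query string or as a form field
    options = parse_qs(urlsplit(url).query).get("option", [])
    options += [v.decode(errors="replace").strip() for n, v in fields if n == "option" and v]
    if method.upper() != "POST" or "com_baforms" not in options:
        return []
    findings = []
    for name, raw in fields:
        try:
            doc = json.loads(raw)
        except (ValueError, TypeError):  # not JSON (or an empty part): nothing to check
            continue
        findings += [(name, path, val) for path, val in bad_ids(doc)]
    return findings

def build_sample(fields, boundary="constructedboundary"):
    """Build a constructed multipart body for testing (not captured traffic)."""
    parts = "".join(f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
                    for k, v in fields.items())
    return f"multipart/form-data; boundary={boundary}", f"{parts}--{boundary}--\r\n".encode()

if __name__ == "__main__":
    ctype, body = build_sample({"payload": '{"fields": [{"id": "12 OR 1=1"}, {"id": 7}]}'})
    print(inspect_request("POST", "/index.php?option=com_baforms", ctype, body))
```

A finding means an 'id' value that the integer rule rejects. This check helps with triage and filtering and does not replace upgrading the component.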
