Joomla Convert Forms SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Convert Forms component for Joomla, affecting versions 1.0.0 through 4.4.9. This vulnerability allows authenticated administrators to execute arbitrary SQL commands in the submission management area of the backend.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries, potentially leading to unauthorized data access or modification.

Reproduction

To reproduce this vulnerability, an authenticated administrator can navigate to the 'Convert Forms' submissions page. After selecting an unpublished form, the 'filter[form_id]' parameter can be exploited by injecting SQL payloads. This can be done by using a tool like Burp Suite to intercept and modify the request before it is sent to the server.

Remediation

Users are advised to update to Convert Forms version 4.4.10 or later.
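Two checks a defender would want after reading the reproduction and remediation notes above, as an added example in Python (not code from the Convert Forms project or from this advisory): whether an installed version falls inside the affected range 1.0.0 through 4.4.9, and a scan of web-server access-log lines for backend requests in which filter[form_id] carries anything other than a plain numeric form id. The log lines are constructed for the example, and the assumption that a legitimate filter[form_id] is always numeric is mine, not the advisory's.

```python
"""Defender-side checks for the Convert Forms SQL injection advisory.

Added example, not code from the Convert Forms project or the advisory.
Assumptions: the affected range is 1.0.0 through 4.4.9 with 4.4.10 as the
fixed release (as the advisory states), and a legitimate filter[form_id]
value is a plain integer, so any other value in a backend request is
worth flagging for review.
"""
import re
from urllib.parse import parse_qs, urlsplit

AFFECTED_MIN = (1, 0, 0)
AFFECTED_MAX = (4, 4, 9)
FIXED = (4, 4, 10)

# Matches the request part of an Apache/Nginx "combined" style log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not real traffic). The second line
# carries a lone quote in filter[form_id], the classic injection probe.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /administrator/index.php'
    '?view=submissions&filter%5Bform_id%5D=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Jun/2025:19:41:12 +0000] "GET /administrator/index.php'
    '?view=submissions&filter%5Bform_id%5D=3%27 HTTP/1.1" 200 9870',
    # Frontend request, not the backend submissions area: ignored by the scan.
    '203.0.113.9 - - [09/Jun/2025:19:42:30 +0000] "GET /index.php'
    '?filter%5Bform_id%5D=abc HTTP/1.1" 200 300',
]


def parse_version(version: str) -> tuple:
    """Turn '4.4.9' (or 'v4.4.10-rc1') into a comparable (major, minor, patch)."""
    core = version.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the installed version lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def form_id_values(target: str) -> list:
    """Return every filter[form_id] value in the query string of a request target.

    parse_qs decodes percent-encoded keys, so 'filter%5Bform_id%5D' is matched.
    """
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return list(params.get("filter[form_id]", []))


def suspicious_form_id_requests(log_lines) -> list:
    """Scan log lines for backend requests whose filter[form_id] is not numeric.

    Returns (method, value) pairs; an empty filter value is treated as benign
    because the list view sends it when no form is selected.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if "/administrator/" not in target:  # Joomla backend entry point
            continue
        for value in form_id_values(target):
            if value != "" and not value.isdigit():
                hits.append((m.group("method"), value))
    return hits


if __name__ == "__main__":
    for v in ("4.4.9", "4.4.10"):
        print(f"Convert Forms {v}: affected={is_affected(v)}")
    for method, value in suspicious_form_id_requests(SAMPLE_LOG):
        print(f"suspicious {method} request with filter[form_id]={value!r}")
```

Access logs only show the query string, so a filter submitted in a POST body needs application-level or WAF logging to be caught the same way; the version check is the more reliable of the two, since it does not depend on an attempt having been logged.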

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
  spread          3.4
  impact          2.5
  exploitability  6.3
  remediation     7.7
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.