Unrated severityNVD Advisory· Published Jun 19, 2026

Joomla! FocalPoint Pro Free 1.2.3 SQL Injection via location

CVE-2017-20263

Description

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Joomla/FocalPoint Pro/Freellm-create
Range: =1.2.3

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/42530mitreexploit
www.vulncheck.com/advisories/joomla-focalpoint-pro-free-sql-injection-via-locationmitrethird-party-advisory
focalpointx.commitreproduct
focalpointx.com/demos/focalpoint-promitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000