Unrated severityNVD Advisory· Published Jun 19, 2026

Joomla! Component vBizz 1.0.7 SQL Injection

CVE-2019-25759

Description

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Vbizzinferred
Range: =1.0.7
Package: https://wordpress.org/plugins/vbizz
Joomla/vBizzllm-fuzzy
Range: =1.0.7

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46223mitreexploit
www.vulncheck.com/advisories/joomla-component-vbizz-sql-injectionmitrethird-party-advisory
wdmtech.commitreproduct
extensions.joomla.org/extensions/extension/marketing/crm/vbizz/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000