Search
Find a vulnerability
Search criteria
4 vulnerabilities found for vBizz by Wdmtech
CVE-2019-25759 (GCVE-0-2019-25759)
Vulnerability from nvd – Published: 2026-06-19 17:38 – Updated: 2026-06-22 17:13
VLAI
Title
Joomla! Component vBizz 1.0.7 SQL Injection
Summary
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46223 | exploit |
| http://wdmtech.com/ | product |
| https://extensions.joomla.org/extensions/extensio… | product |
| https://www.vulncheck.com/advisories/joomla-compo… | third-party-advisory |
Date Public
2019-01-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:07:52.891878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:13:22.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vBizz",
"vendor": "Wdmtech",
"versions": [
{
"status": "affected",
"version": "1.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T17:38:39.694Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46223",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46223"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wdmtech.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/"
},
{
"name": "VulnCheck Advisory: Joomla! Component vBizz 1.0.7 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/joomla-component-vbizz-sql-injection"
}
],
"title": "Joomla! Component vBizz 1.0.7 SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25759",
"datePublished": "2026-06-19T17:38:39.694Z",
"dateReserved": "2026-06-19T14:31:39.773Z",
"dateUpdated": "2026-06-22T17:13:22.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25758 (GCVE-0-2019-25758)
Vulnerability from nvd – Published: 2026-06-19 17:35 – Updated: 2026-06-22 17:05
VLAI
Title
Joomla! Component vBizz 1.0.7 Remote Code Execution
Summary
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46224 | exploit |
| http://wdmtech.com/ | product |
| https://extensions.joomla.org/extensions/extensio… | product |
| https://www.vulncheck.com/advisories/joomla-compo… | third-party-advisory |
Date Public
2019-01-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:05:28.488607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:05:51.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vBizz",
"vendor": "Wdmtech",
"versions": [
{
"status": "affected",
"version": "1.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T17:35:17.973Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46224",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46224"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wdmtech.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/"
},
{
"name": "VulnCheck Advisory: Joomla! Component vBizz 1.0.7 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/joomla-component-vbizz-remote-code-execution"
}
],
"title": "Joomla! Component vBizz 1.0.7 Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25758",
"datePublished": "2026-06-19T17:35:17.973Z",
"dateReserved": "2026-06-19T14:31:18.473Z",
"dateUpdated": "2026-06-22T17:05:51.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25759 (GCVE-0-2019-25759)
Vulnerability from cvelistv5 – Published: 2026-06-19 17:38 – Updated: 2026-06-22 17:13
VLAI
Title
Joomla! Component vBizz 1.0.7 SQL Injection
Summary
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46223 | exploit |
| http://wdmtech.com/ | product |
| https://extensions.joomla.org/extensions/extensio… | product |
| https://www.vulncheck.com/advisories/joomla-compo… | third-party-advisory |
Date Public
2019-01-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25759",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:07:52.891878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:13:22.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vBizz",
"vendor": "Wdmtech",
"versions": [
{
"status": "affected",
"version": "1.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array values containing SQL commands to extract sensitive database information including version and database names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T17:38:39.694Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46223",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46223"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wdmtech.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/"
},
{
"name": "VulnCheck Advisory: Joomla! Component vBizz 1.0.7 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/joomla-component-vbizz-sql-injection"
}
],
"title": "Joomla! Component vBizz 1.0.7 SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25759",
"datePublished": "2026-06-19T17:38:39.694Z",
"dateReserved": "2026-06-19T14:31:39.773Z",
"dateUpdated": "2026-06-22T17:13:22.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25758 (GCVE-0-2019-25758)
Vulnerability from cvelistv5 – Published: 2026-06-19 17:35 – Updated: 2026-06-22 17:05
VLAI
Title
Joomla! Component vBizz 1.0.7 Remote Code Execution
Summary
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46224 | exploit |
| http://wdmtech.com/ | product |
| https://extensions.joomla.org/extensions/extensio… | product |
| https://www.vulncheck.com/advisories/joomla-compo… | third-party-advisory |
Date Public
2019-01-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:05:28.488607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:05:51.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vBizz",
"vendor": "Wdmtech",
"versions": [
{
"status": "affected",
"version": "1.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2019-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and execute them from the uploads directory to achieve remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T17:35:17.973Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46224",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46224"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wdmtech.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/"
},
{
"name": "VulnCheck Advisory: Joomla! Component vBizz 1.0.7 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/joomla-component-vbizz-remote-code-execution"
}
],
"title": "Joomla! Component vBizz 1.0.7 Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25758",
"datePublished": "2026-06-19T17:35:17.973Z",
"dateReserved": "2026-06-19T14:31:18.473Z",
"dateUpdated": "2026-06-22T17:05:51.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}