Search criteria
2 vulnerabilities by balbooa
CVE-2021-47930 (GCVE-0-2021-47930)
Vulnerability from cvelistv5 – Published: 2026-05-10 12:43 – Updated: 2026-05-12 02:38
VLAI
Title
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated
Summary
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter to extract sensitive database information.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50447 | exploit |
| https://www.balbooa.com/ | product |
| https://www.vulncheck.com/advisories/balbooa-joom… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Balbooa | Balbooa Joomla Forms Builder |
Affected:
2.0.6
|
Date Public
2021-10-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T02:38:10.344812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T02:38:21.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Balbooa Joomla Forms Builder",
"vendor": "Balbooa",
"versions": [
{
"status": "affected",
"version": "2.0.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "blockomat2100"
}
],
"datePublic": "2021-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the \u0027id\u0027 field parameter to extract sensitive database information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T12:43:51.180Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50447",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50447"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.balbooa.com/"
},
{
"name": "VulnCheck Advisory: Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/balbooa-joomla-forms-builder-sql-injection-unauthenticated"
}
],
"title": "Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47930",
"datePublished": "2026-05-10T12:43:51.180Z",
"dateReserved": "2026-02-01T11:24:18.716Z",
"dateUpdated": "2026-05-12T02:38:21.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-11690 (GCVE-0-2018-11690)
Vulnerability from cvelistv5 – Published: 2018-06-14 20:00 – Updated: 2024-08-05 08:17
VLAI
Summary
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Jun/26 | mailing-listx_refsource_FULLDISC |
| https://vel.joomla.org/resolved/2155-gridbox-com-… | x_refsource_MISC |
| https://vulmon.com/vulnerabilitydetails?qid=CVE-2… | x_refsource_MISC |
| http://packetstormsecurity.com/files/148127/Jooml… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/542066/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2018-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:08.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vel.joomla.org/resolved/2155-gridbox-com-gridbox-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11690"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html"
},
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/542066/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Jun/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vel.joomla.org/resolved/2155-gridbox-com-gridbox-multiple-vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11690"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html"
},
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/542066/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jun/26"
},
{
"name": "https://vel.joomla.org/resolved/2155-gridbox-com-gridbox-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://vel.joomla.org/resolved/2155-gridbox-com-gridbox-multiple-vulnerabilities"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11690",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11690"
},
{
"name": "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148127/Joomla-2.4.0-Gridbox-Cross-Site-Scripting.html"
},
{
"name": "20180608 Gridbox extension for Joomla! \u003c= 2.4.0 Reflected Cross Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542066/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11690",
"datePublished": "2018-06-14T20:00:00.000Z",
"dateReserved": "2018-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:17:08.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}