Loading market data...
← Back to CVE feed

CVE-2019-25749

HIGH CVSS 7.1 View on NVD ↗

Description

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guest_adult parameter to extract sensitive database information or manipulate database records.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Published: Jun 19, 2026 18:16 UTC Modified: Jun 19, 2026 18:16 UTC