What is GHSA-2xg7-x64v-q25q?

GHSA-2xg7-x64v-q25q is a security advisory published by GitHub Security Advisories with High severity. Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated...

Which CVE IDs does GHSA-2xg7-x64v-q25q cover?

GHSA-2xg7-x64v-q25q covers the following CVE IDs: CVE-2017-20252. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2xg7-x64v-q25q?

GHSA-2xg7-x64v-q25q has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-2xg7-x64v-q25qHighCVSS 8.2

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated...

Vendor

GitHub Security Advisories

Published

June 19, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2017-20252 →

📋 Description

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2017-20252
https://extensions.joomla.org/extension/nextgen-editor
https://www.exploit-db.com/exploits/43365
https://www.vulncheck.com/advisories/joomla-nextgen-editor-sql-injection-via-plname-parameter
https://github.com/advisories/GHSA-2xg7-x64v-q25q