What is GHSA-cm4j-r3hw-w37m?

GHSA-cm4j-r3hw-w37m is a security advisory published by GitHub Security Advisories with High severity. Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that...

Which CVE IDs does GHSA-cm4j-r3hw-w37m cover?

GHSA-cm4j-r3hw-w37m covers the following CVE IDs: CVE-2017-20258. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cm4j-r3hw-w37m?

GHSA-cm4j-r3hw-w37m has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-cm4j-r3hw-w37mHighCVSS 8.2

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that...

Vendor

GitHub Security Advisories

Published

June 19, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2017-20258 →

📋 Description

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2017-20258
https://extensions.joomla.org/extension/rpc-responsive-portfolio
https://extro.media
https://www.exploit-db.com/exploits/42564
https://www.vulncheck.com/advisories/joomla-component-rpc-responsive-portfolio-sql-injection
https://github.com/advisories/GHSA-cm4j-r3hw-w37m