What is GHSA-53wm-r5wv-4rc3?

GHSA-53wm-r5wv-4rc3 is a security advisory published by GitHub Security Advisories with High severity. Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows...

Which CVE IDs does GHSA-53wm-r5wv-4rc3 cover?

GHSA-53wm-r5wv-4rc3 covers the following CVE IDs: CVE-2017-20280. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-53wm-r5wv-4rc3?

GHSA-53wm-r5wv-4rc3 has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-53wm-r5wv-4rc3HighCVSS 8.2

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

June 19, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2017-20280 →

📋 Description

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid endpoint to extract sensitive database information.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2017-20280
https://www.exploit-db.com/exploits/41930
https://www.vulncheck.com/advisories/joomla-component-myportfolio-sql-injection-via-pid-parameter
https://github.com/advisories/GHSA-53wm-r5wv-4rc3