What is GHSA-78h7-96vm-7f8g?

GHSA-78h7-96vm-7f8g is a security advisory published by GitHub Security Advisories with High severity. Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows...

Which CVE IDs does GHSA-78h7-96vm-7f8g cover?

GHSA-78h7-96vm-7f8g covers the following CVE IDs: CVE-2017-20281. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-78h7-96vm-7f8g?

GHSA-78h7-96vm-7f8g has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-78h7-96vm-7f8gHighCVSS 8.2

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

June 19, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2017-20281 →

📋 Description

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2017-20281
https://www.exploit-db.com/exploits/41663
https://www.vulncheck.com/advisories/joomla-component-extra-search-sql-injection
http://www.joomlaboat.com
https://github.com/advisories/GHSA-78h7-96vm-7f8g