What is GHSA-gr2q-v448-w3vm?

GHSA-gr2q-v448-w3vm is a security advisory published by GitHub Security Advisories with High severity. Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows...

Which CVE IDs does GHSA-gr2q-v448-w3vm cover?

GHSA-gr2q-v448-w3vm covers the following CVE IDs: CVE-2017-20263. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-gr2q-v448-w3vm?

GHSA-gr2q-v448-w3vm has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-gr2q-v448-w3vmHighCVSS 8.2

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

June 19, 2026

Last Modified

June 19, 2026

🔗 CVE IDs covered (1)

CVE-2017-20263 →

📋 Description

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2017-20263
https://www.exploit-db.com/exploits/42530
https://www.vulncheck.com/advisories/joomla-focalpoint-pro-free-sql-injection-via-location
http://focalpointx.com
http://focalpointx.com/demos/focalpoint-pro
https://github.com/advisories/GHSA-gr2q-v448-w3vm