8.8
PlayJoom 0.10.1: Unauthenticated SQL Injection Allows Data Exposure
CVE-2018-25197
Summary
PlayJoom version 0.10.1 has a security weakness that lets attackers access sensitive information without authenticating. Exposed data can include usernames, database details, and other potentially sensitive data. To protect yourself, update to the latest version of PlayJoom.
Original description
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=[SQL] to extract sensitive database information including usernames, databases, and version details.
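A defensive check for the request pattern described above, as an added example that is not part of the original advisory or of PlayJoom: it scans web-server access logs for genre-view requests whose catid is not a plain integer. The combined log format, the assumption that legitimate catid values are integers, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate catid is a plain decimal category id.
INTEGER_RE = re.compile(r"\d+")

def suspicious_catid(line):
    """Return the decoded catid if the line is a com_playjoom genre-view
    request whose catid is not a plain integer, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # The advisory names index.php; "/" is included as an assumption for
    # sites that serve the front controller at the root path.
    if not url.path.endswith(("index.php", "/")):
        return None
    params = parse_qs(url.query)  # percent-decodes values, keeps repeated keys
    if "com_playjoom" not in params.get("option", []):
        return None
    if "genre" not in params.get("view", []):
        return None
    for value in params.get("catid", []):  # check every repeated catid
        if not INTEGER_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_catid) for every flagged log line."""
    return [(line.split()[0], v) for line in lines
            if (v := suspicious_catid(line)) is not None]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Mar/2026:10:00:01 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [06/Mar/2026:10:00:05 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=12%27 HTTP/1.1" 500 310',
    '198.51.100.9 - - [06/Mar/2026:10:00:06 +0000] "GET /index.php?option=com_playjoom&view=genre&catid=[SQL] HTTP/1.1" 200 5290',
    '203.0.113.4 - - [06/Mar/2026:10:00:09 +0000] "GET /index.php?option=com_content&view=article&catid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, catid in scan(SAMPLE_LOG):
        print(f"{ip}\tnon-integer catid: {catid!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a WAF or reverse-proxy rule) until the affected version is updated.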
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026