Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/20/2026
This vulnerability resides within the Joomla platforms with the affected component as it provides attackers with direct database access without requiring authentication credentials. The impact extends beyond simple data theft to potential system compromise and further lateral movement within network environments. The vulnerability can be exploited through simple web requests making it particularly dangerous as it requires minimal technical expertise to execute successful attacks. Organizations utilizing this component face potential exposure to credential theft, data breaches, and unauthorized modification of database content. The vulnerability demonstrates a failure in the principle of least privilege and proper input validation which are fundamental security requirements according to industry best practices and security frameworks. Attackers can leverage this vulnerability to perform reconnaissance activities by extracting table structures, user accounts, and other sensitive database information. The lack of authentication requirements makes this particularly dangerous as it allows for automated exploitation and mass data extraction. This vulnerability also aligns with attack patterns documented in the attack technique matrix where adversaries exploit input validation flaws to gain unauthorized database access. Organizations should implement immediate mitigations including input validation, parameterized queries, and web application firewalls to prevent exploitation. The vulnerability highlights the importance of regular security assessments and component updates to prevent such critical flaws from persisting in production environments. Security teams should prioritize patching this vulnerability and implementing proper database access controls to limit potential damage from successful exploitation attempts.