Vendor
Balbooa Joomla Forms Builder version 2.0.6 is vulnerable to unauthenticated SQL injection via POST requests to the com_baforms component, allowing remote attackers to execute arbitrary SQL queries and extract sensitive database information by manipulating the 'id' parameter in a JSON payload.