7.5
CVSSv2

CVE-2017-8917

Published: 17/05/2017 Updated: 16/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 819
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in Joomla! 3.7.x prior to 3.7.1 allows malicious users to execute arbitrary SQL commands via unspecified vectors.

Vulnerability Trend

Affected Products

Vendor Product Versions
JoomlaJoomla!3.7.0

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HTTP::Joomla def init ...
# Exploit Title: Joomla 370 - Sql Injection # Date: 05-19-2017 # Exploit Author: Mateus Lino # Reference: blogsucurinet/2017/05/sql-injection-vulnerability-joomla-3-7html # Vendor Homepage: wwwjoomlaorg/ # Version: = 370 # Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux # CVE : - CVE-2017-8917 URL Vulnerabl ...

Mailing Lists

The Joomla version 370 fields component suffers from a remote SQL injection vulnerability ...

Nmap Scripts

http-vuln-cve2017-8917

An SQL Injection vulnerability affecting Joomla! 3.7.x before 3.7.1 allows for unauthenticated users to execute arbitrary SQL commands. This vulnerability was caused by a new component, com_fields, which was introduced in version 3.7. This component is publicly accessible, which means this can be exploited by any malicious individual visiting the site.

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.7 ((Ubuntu))
| http-vuln-cve2017-8917:
|   VULNERABLE:
|   Joomla! 3.7.0 'com_fields' SQL Injection Vulnerability
|       State: VULNERABLE
|     IDs:  CVE:CVE-2017-8917
|     Risk factor: High  CVSSv3: 9.8 (CRITICAL) (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
|       An SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers
|       to execute aribitrary SQL commands via unspecified vectors.
|
|     Disclosure date: 2017-05-17
|     Extra information:
|       User: root@localhost
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8917
|_      https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html

Metasploit Modules

Joomla Component Fields SQLi Remote Code Execution

This module exploits a SQL injection vulnerability in the com_fields component, which was introduced to the core of Joomla in version 3.7.0.

msf > use exploit/unix/webapp/joomla_comfields_sqli_rce
      msf exploit(joomla_comfields_sqli_rce) > show targets
            ...targets...
      msf exploit(joomla_comfields_sqli_rce) > set TARGET <target-id>
      msf exploit(joomla_comfields_sqli_rce) > show options
            ...show and set options...
      msf exploit(joomla_comfields_sqli_rce) > exploit

Github Repositories

CVE-2017-8917 This is part of Cved: a tool to manage vulnerable docker containers Cved: gitlabcom/git-rep/cved Image source: githubcom/cved-sources/cve-2017-8917 Image author: githubcom/Medicean/VulApps/tree/master/j/joomla/2

Summary It is a simple script to use ZoomEye API to batch-scan Joomla 37 SQL injection (CVE-2017-8917) Usage git clone githubcom/brianwrf/Joomla37-SQLi-CVE-2017-8917git cd Joomla37-SQLi-CVE-2017-8917 python CVE-2017-8917py Go!!! Reference blogsucurinet/2017/05/sql-injection-vulnerability-joomla-3-7html

ep4-redes CVE-2017-8917 SQL injection Vulnerability in Joomla! 370 exploit Explanation about the vulnerability: blogsucurinet/2017/05/sql-injection-vulnerability-joomla-3-7html

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz Discuz_<34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_carbuyaction_存储型XSS DedeCMS_v57_友情链接CSRF_GetSh

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 ThinkPHP ThinkPHP_323-5010_缓存函数设计缺陷 Discuz Discuz_<34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_car

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz Discuz_<34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_carbuyaction_存储型XSS DedeCMS_v57_友情链接CSRF_GetSh

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz Discuz_<34_birthprovince_前台任意文件删除 DedeCMS DedeCMS_v57_shops_delivery_存储型XSS DedeCMS_v57_carbuyaction_存储型XSS DedeCMS_v57_友情链接CSRF_GetSh

Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes Current Exploits (index may be out of date) phpMoAdmin Remote Code Execution (CVE-2015-2208) LotusCMS Remote Code Execution (OSVDB-75095) ElasticSearch Remote Code Execution (CVE-2015-1427) ShellShock (httpd) Remote Code Execution (CVE-2014-6271) IISlap - httpsys Denial of Se

Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes Current Exploits (index may be out of date) phpMoAdmin Remote Code Execution (CVE-2015-2208) LotusCMS Remote Code Execution (OSVDB-75095) ElasticSearch Remote Code Execution (CVE-2015-1427) ShellShock (httpd) Remote Code Execution (CVE-2014-6271) IISlap - httpsys Denial of Se

Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes Current Exploits (index may be out of date) phpMoAdmin Remote Code Execution (CVE-2015-2208) LotusCMS Remote Code Execution (OSVDB-75095) ElasticSearch Remote Code Execution (CVE-2015-1427) ShellShock (httpd) Remote Code Execution (CVE-2014-6271) IISlap - httpsys Denial of Se

Exploits Containing Self Made Perl Reproducers / PoC Codes This Git Repository Conatains Pesonnal Works That I Do On My free time Donations / Support If you want to support/help me/my projects : BTC : 1N9BgzVVT8ye3UEUXb2p7Pum7RbmEx3byz ETC : 0x789bc32e951ccdaa5702d70fe02e21f596baa085 ETH : 0x789bc32e951ccdaa5702d70fe02e21f596baa085 LTC : LVSPDkX5Dr95cKqQnCMoLgYyzGBdtSsi3y T

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile BitBake Bro C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

New Joomla SQL Injection Flaw Is Ridiculously Simple to Exploit
BleepingComputer • Catalin Cimpanu • 17 May 2017

The Joomla CMS project released today Joomla 3.7.1 to fix an SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites.
Sucuri analyst Marc-Alexandre Montpas discovered this flaw while performing regular audits of popular CMS projects to improve the Sucuri Web Application Firewall.
The bug is found in a new com_field component that was added to the Joomla frontend code in version 3.7.0. According to Montpas, this component ...