SQL Injection Vulnerability in Joomla! 3.7

by CIRT Team

Description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7.

Impact: An SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites.

Mitigation: Upgrade to version 3.7.1. Please check specific vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8917
• https://www.joomla.org/announcements/release-news/5705-joomla-3-7-1-release.html
• https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts