CVE-2017-20277

Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Joomboost · Joomla JoomRecipe

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/42347unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://joomboost.com/https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/https://www.exploit-db.com/exploits/42347 https://www.vulncheck.com/advisories/joomla-joomrecipe-component-blind-sql-injection-via-search-author