Login Sign Up

CVE-2017-15946

9.8 CRITICAL
SQL Injection

📋 TL;DR

This is a critical SQL injection vulnerability in Joomla!'s com_tag component that allows attackers to execute arbitrary SQL commands through the 'tag' parameter. It affects Joomla! websites running com_tag component version 1.7.6. Attackers can exploit this without authentication via GET requests.

💻 Affected Systems

Products:
  • Joomla! com_tag component
Versions: 1.7.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Joomla! installations with com_tag component installed. The vulnerability is in the component itself, not core Joomla!.

📦 What is this software?

Tag Meta by Selfget

View all CVEs affecting Tag Meta →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, remote code execution, and full system takeover.

🟠

Likely Case

Database information disclosure, data manipulation, and potential administrative access to the Joomla! installation.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, but still significant risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple GET request exploitation with publicly available proof-of-concept code. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to com_tag component version 1.7.7 or later

Vendor Advisory: https://www.joomla.org/announcements/release-news/5824-joomla-3-8-2-and-3-7-5-security-releases.html

Restart Required: No

Instructions:

1. Update Joomla! to version 3.8.2 or 3.7.5. 2. Update com_tag component to version 1.7.7 or later via Joomla! Extension Manager. 3. Clear Joomla! cache after update.

🔧 Temporary Workarounds

Input Validation Filter

all

Add custom input validation for the 'tag' parameter to filter SQL injection attempts

Implement parameterized queries or input sanitization in affected PHP files

Web Application Firewall Rule

all

Block SQL injection patterns in the 'tag' parameter

Add WAF rule: Block requests with SQL keywords in 'tag' parameter

🧯 If You Can't Patch

  • Disable com_tag component entirely if not needed
  • Implement strict network segmentation and limit database permissions

🔍 How to Verify

Check if Vulnerable:

Check Joomla! Extension Manager for com_tag component version. If version is 1.7.6, system is vulnerable.

Check Version:

Check Joomla! admin panel → Extensions → Manage → Search for 'com_tag'

Verify Fix Applied:

Verify com_tag component version is 1.7.7 or later in Joomla! Extension Manager

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in Joomla! logs
  • Multiple requests with SQL keywords in 'tag' parameter
  • Unexpected database queries from web server

Network Indicators:

  • GET requests with SQL injection patterns in URL parameters
  • Unusual database connections from web server

SIEM Query:

source="joomla.logs" AND ("SQL syntax" OR "tag=" AND (SELECT OR UNION OR DROP OR INSERT))

📊 Metadata

CVE ID: CVE-2017-15946
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: October 28, 2017
Last Updated: April 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-15946, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)