CVE-2017-15960

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the id parameter in author.php or category.php files in Article Directory Script 3.0. This affects all installations of Article Directory Script 3.0 that are exposed to untrusted input.

💻 Affected Systems

Products:
  • Article Directory Script
Versions: 3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as the SQL injection exists in core script files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data theft, modification, or deletion, and potential remote code execution if database permissions allow.

🟠 Likely Case

Unauthorized data access, privilege escalation, or database manipulation leading to information disclosure or site defacement.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available requiring minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to a maintained alternative or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add server-side validation to sanitize the id parameter before processing SQL queries.

Modify author.php and category.php so the id parameter is validated as an integer (for example with is_numeric() or filter_var()) before it is used in a query.
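The workaround above, shown as an added example that is not the Article Directory Script's own code: a constructed illustration of the unsafe "splice the id parameter into the SQL string" pattern next to a hardened lookup that validates id with filter_var(FILTER_VALIDATE_INT) and binds it through a PDO prepared statement. The table and column names (authors, author_id, name), the in-memory SQLite demo database and PHP 8 are assumptions made for the example.

```php
<?php
// Added example (not the Article Directory Script's own code): the unsafe
// pattern that makes the id parameter injectable, beside a hardened version
// that validates id as an integer and binds it as a query parameter.
// Table/column names and the SQLite demo data are constructed for illustration.

declare(strict_types=1);

/**
 * Constructed illustration of the vulnerable pattern: the raw id parameter is
 * concatenated into the SQL text, so a value such as 1' OR '1'='1 changes the
 * query's logic. Shown only so the hardened version below has a reference.
 */
function buildUnsafeAuthorQuery(string $rawId): string
{
    return "SELECT * FROM authors WHERE author_id = '" . $rawId . "'";
}

/**
 * Strict validation of the id parameter. Returns the integer, or null when the
 * value is not a plain positive integer. FILTER_VALIDATE_INT rejects "1.5",
 * "1e3" and "1' OR '1'='1"; is_numeric() would accept the first two, so it is
 * the weaker of the two checks the advisory mentions.
 */
function validateId(mixed $rawId): ?int
{
    if (!is_string($rawId) && !is_int($rawId)) {
        return null;            // arrays (id[]=...) and missing values are rejected
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

/**
 * Hardened lookup: the validated integer is bound through a prepared
 * statement. Even if validation were somehow bypassed, the value travels as a
 * parameter rather than as SQL text, so it cannot alter the query structure.
 * Callers should answer a null result for an invalid id with HTTP 400.
 */
function fetchAuthor(PDO $db, mixed $rawId): ?array
{
    $id = validateId($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT author_id, name FROM authors WHERE author_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demonstration against an in-memory SQLite database
// (constructed sample data; the real script targets MySQL, but PDO parameter
// binding works the same way there).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE authors (author_id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO authors VALUES (1, 'alice'), (2, 'bob')");

    $payload = "1' OR '1'='1";   // the advisory's own test value
    echo 'unsafe query: ', buildUnsafeAuthorQuery($payload), PHP_EOL;
    // the WHERE clause now reads author_id = '1' OR '1'='1', matching every row

    var_dump(validateId('2'));        // int(2)
    var_dump(validateId($payload));   // NULL
    var_dump(validateId('1e3'));      // NULL
    var_dump(validateId(['1']));      // NULL

    var_dump(fetchAuthor($db, '2'));       // row for author 2 ("bob")
    var_dump(fetchAuthor($db, $payload));  // NULL: rejected before any query runs
}
```

Integer validation is the quick stopgap the advisory describes; the prepared statement is what actually removes the injection, so both changes belong in author.php and category.php rather than validation alone.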

Web Application Firewall (WAF)

Applies to: all

Deploy WAF rules to block SQL injection patterns targeting the id parameter.

Configure the WAF to block requests with SQL injection patterns in the id parameter.

🧯 If You Can't Patch

  • Isolate the vulnerable system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from web server

🔍 How to Verify

Check if Vulnerable:

Test author.php?id=1' OR '1'='1 and category.php?id=1' OR '1'='1 for SQL error responses

Check Version:

Check script version in admin panel or readme files

Verify Fix Applied:

Test same payloads after fixes; should return normal responses without SQL errors

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple requests with SQL syntax in id parameter

Network Indicators:

  • HTTP requests containing SQL keywords in id parameter
  • Abnormal database query patterns

SIEM Query:

source="web_logs" AND (id="*' OR*" OR id="*UNION*" OR id="*SELECT*" OR id="*--*" OR id="*/*")
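The log and network indicators above, implemented as an added example that is not part of the original advisory: a small scanner that parses combined-format access log lines, URL-decodes the id parameter of requests to author.php and category.php, and flags values that are not plain integers or that contain the SQL fragments from the SIEM query. The log lines are constructed samples, and the log format, script paths and output layout are assumptions.

```php
<?php
// Added example (not from the original advisory): scans access log lines for
// the id-parameter indicators described above. Sample log lines are
// constructed, not real traffic.

declare(strict_types=1);

const TARGET_SCRIPTS = ['author.php', 'category.php'];

// Fragments from the advisory's SIEM query, matched case-insensitively after
// URL decoding so both %27%20OR and ' or are caught.
const SQL_PATTERNS = ['/\'\s*or\b/i', '/\bunion\b/i', '/\bselect\b/i', '/--/', '~/\*~'];

/**
 * Returns the decoded id parameter of a request line such as
 * "GET /author.php?id=1 HTTP/1.1", or null when the request is not for one of
 * the target scripts or carries no id. An array-valued id (id[]=...) is
 * reported as "[array]" because the script expects a scalar.
 */
function extractId(string $request): ?string
{
    if (!preg_match('~^\S+\s+(\S+)\s+HTTP/~', $request, $m)) {
        return null;
    }
    $url  = $m[1];
    $path = parse_url($url, PHP_URL_PATH) ?? '';
    if (!in_array(basename((string) $path), TARGET_SCRIPTS, true)) {
        return null;
    }
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);           // decodes percent-encoding once
    if (!isset($params['id'])) {
        return null;
    }
    if (is_array($params['id'])) {
        return '[array]';
    }
    return urldecode($params['id']);      // second pass catches double encoding
}

/**
 * Classifies an id value: 'ok' for a plain integer, 'sqli' when it contains
 * one of the SQL fragments, 'anomalous' for any other non-integer value.
 * Because id is supposed to be numeric, every non-integer value is worth a
 * look even when no SQL keyword is present.
 */
function classifyId(string $id): string
{
    if (preg_match('/^\d+$/', $id)) {
        return 'ok';
    }
    foreach (SQL_PATTERNS as $re) {
        if (preg_match($re, $id)) {
            return 'sqli';
        }
    }
    return 'anomalous';
}

/**
 * Scans common/combined-format log lines and returns the flagged requests as
 * [client_ip, id, verdict] triples.
 */
function scanAccessLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        // client IP is the first field; the request is the first quoted field
        if (!preg_match('/^(\S+) .*?"([^"]*)"/', $line, $m)) {
            continue;
        }
        $id = extractId($m[2]);
        if ($id === null) {
            continue;
        }
        $verdict = classifyId($id);
        if ($verdict !== 'ok') {
            $hits[] = [$m[1], $id, $verdict];
        }
    }
    return $hits;
}

// Constructed sample log lines (RFC 5737 documentation addresses).
$sampleLog = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /author.php?id=12 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /category.php?id=3 HTTP/1.1" 200 2211',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /author.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 512',
    '203.0.113.9 - - [10/Oct/2023:13:56:05 +0000] "GET /category.php?id=1%20UNION%20SELECT%201-- HTTP/1.1" 200 4410',
    '203.0.113.9 - - [10/Oct/2023:13:56:09 +0000] "GET /author.php?id=abc HTTP/1.1" 200 1203',
    '192.0.2.44 - - [10/Oct/2023:13:57:00 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 9001',
];

foreach (scanAccessLog($sampleLog) as [$ip, $id, $verdict]) {
    printf("%-14s %-10s id=%s\n", $ip, $verdict, $id);
}
```

The three 203.0.113.9 requests are flagged (two as sqli, the plain "abc" as anomalous); the index.php request is ignored because it is not one of the vulnerable scripts. The 500 status on the first flagged request is the "unusual SQL error" log indicator and a good pivot for a SIEM correlation; note that keyword-only matching, as in the SIEM query, misses encoded or case-varied payloads unless the value is decoded first, which is why the scanner decodes before matching and treats any non-integer id as reportable.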
