CVE-2017-15970

9.8 CRITICAL

📋 TL;DR

CVE-2017-15970 is a critical SQL injection vulnerability in PHP CityPortal 2.0 that allows attackers to execute arbitrary SQL commands via the nid or cat parameters. This affects all installations of PHP CityPortal 2.0, potentially compromising the entire database and web application.

💻 Affected Systems

Products:
  • PHP CityPortal
Versions: 2.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of PHP CityPortal 2.0 regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Database information disclosure, data manipulation, and potential privilege escalation within the application.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available, requiring minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to a maintained CMS or implementing custom security fixes.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Implement strict input validation and parameterized queries for the nid and cat parameters.

Modify index.php to use prepared statements, for example:
$stmt = $pdo->prepare('SELECT * FROM news WHERE id = ?'); $stmt->execute([$nid]);

Web Application Firewall (WAF)

Applies to: all

Deploy WAF rules to block SQL injection patterns in the nid and cat query parameters.

Add a ModSecurity rule (the parameter-name regex is anchored so only nid and cat are inspected, and the value is URL-decoded before the libinjection check):
SecRule ARGS_GET:/^(nid|cat)$/ "@detectSQLi" "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection attempt on nid/cat'"

🧯 If You Can't Patch

  • Isolate the vulnerable system behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Test with a SQL injection payload in the nid parameter, for example index.php?page=news&nid=1' OR '1'='1, and check whether the response differs from a request with a plain numeric nid.

Check Version:

Check PHP CityPortal version in admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection tests and verify they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests with SQL keywords in parameters
  • Requests to index.php with suspicious nid/cat values

Network Indicators:

  • SQL keywords in GET parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND (uri="*index.php*" AND (param="*nid=*'*" OR param="*cat=*'*" OR param="*UNION*" OR param="*SELECT*"))

🔗 References