CVE-2017-15979

9.8 CRITICAL

📋 TL;DR

CVE-2017-15979 is a critical SQL injection vulnerability in Shareet - Photo Sharing Social Network 1.0 that allows attackers to execute arbitrary SQL commands via the photo parameter. This affects all installations of Shareet 1.0, potentially compromising the entire database. Attackers can steal sensitive user data, modify database contents, or gain administrative access.

💻 Affected Systems

Products:
  • Shareet - Photo Sharing Social Network
Versions: 1.0
Operating Systems: All platforms running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of Shareet 1.0 regardless of configuration. The vulnerability is in the core application code.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, privilege escalation to admin, and potential server takeover via SQL injection to RCE chaining.

🟠 Likely Case

Unauthenticated attackers extracting user credentials, personal information, and session tokens, leading to account takeovers and privacy violations.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available and requires minimal technical skill to execute. The vulnerability is trivially exploitable via HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Replace vulnerable Shareet 1.0 installation with a secure alternative
2. If continuing with Shareet, manually implement parameterized queries and input validation
3. Sanitize all user inputs, especially the photo parameter

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Implement WAF rules to block SQL injection patterns in photo parameter requests

# Example ModSecurity rule:
SecRule ARGS:photo "@detectSQLi" "id:1001,phase:2,deny,status:403"

Input Validation Filter

linux

Add server-side validation to reject malicious photo parameter values

# PHP example: reject non-string values and values containing ' " ; or -
$photo = $_GET['photo'] ?? '';
if (!is_string($photo) || preg_match('/[\'";-]/', $photo)) { die('Invalid input'); }

🧯 If You Can't Patch

  • Isolate the Shareet application in a segmented network zone with strict outbound restrictions
  • Implement database monitoring to detect unusual SQL queries and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Test by sending a SQL injection payload in the photo parameter: http://target.com/page.php?photo=1' OR '1'='1

Check Version:

Check application files for version information or review source code for vulnerable parameter handling

Verify Fix Applied:

Attempt SQL injection tests and verify they are blocked or sanitized without affecting the database

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with SQL keywords in photo parameter
  • Database error logs showing SQL syntax errors
  • Unusual database query patterns from web application

Network Indicators:

  • HTTP GET/POST requests containing SQL injection payloads
  • Abnormal response patterns from application

SIEM Query:

source="web_logs" AND (photo="*' OR*" OR photo="*UNION*" OR photo="*SELECT*" OR photo="*--*" OR photo="*;*" OR photo="*/*")
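
Log triage along the lines of the SIEM query above, as an added example (not part of the original advisory or of Shareet): it URL-decodes the photo parameter before matching, because percent-encoded payloads in raw access logs do not match literal patterns such as ' OR. The combined log format, the sample lines and the function names are assumptions; the /page.php path is taken from the verification URL on this page.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Nov/2017:10:00:01 +0000] "GET /page.php?photo=42 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Nov/2017:10:00:07 +0000] "GET /page.php?photo=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876
203.0.113.9 - - [01/Nov/2017:10:00:09 +0000] "GET /page.php?photo=1+UNION+SELECT+1 HTTP/1.1" 500 312
203.0.113.9 - - [01/Nov/2017:10:00:12 +0000] "GET /page.php?photo=1%2527-- HTTP/1.1" 200 5120
198.51.100.2 - - [01/Nov/2017:10:01:00 +0000] "GET /page.php?photo=selected-works HTTP/1.1" 200 4000
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Indicators taken from the SIEM query: quotes, ';', '--', UNION, SELECT.
# '/*' (SQL comment opener) is an assumed reading of the query's last term.
# Word boundaries keep values such as "selected-works" from matching SELECT.
INDICATORS = re.compile(r"""['";]|--|/\*|\b(?:union|select)\b""", re.I)


def decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text, param="photo"):
    """Return (client_ip, decoded_value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs performs the first round of decoding.
        for raw in parse_qs(query, keep_blank_values=True).get(param, []):
            value = decode(raw)
            if INDICATORS.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tphoto={value!r}")
```

Correlating the flagged client addresses with database error logs from the same time window covers the second log indicator listed above.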
