CVE-2017-15989

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the sort parameter of resources.php (category action) in the Online Exam Test Application. It affects every deployment of the vulnerable application version that exposes the web interface. Attackers can potentially read, modify, or delete database content.

💻 Affected Systems

Products:
  • Online Exam Test Application
Versions: All versions prior to patch
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation whenever resources.php is reachable through the web interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, exam result manipulation, user credential theft, and potential privilege escalation.

🟢 If Mitigated

Limited impact: proper input validation and parameterized queries prevent the SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit is available on Exploit-DB; it requires no authentication and uses straightforward SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Review application source code for resources.php
2. Replace vulnerable SQL queries with parameterized prepared statements
3. Implement proper input validation for sort parameter
4. Test thoroughly before deployment
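The following is an added example of what steps 2 and 3 look like together; it is not the application's own code. It assumes a PDO connection, a table named resources with columns id, name, created_at and category_id, and a dir parameter for the sort direction (all assumptions). The user-supplied sort value is never placed in the SQL string: it is only used as a key into a developer-controlled map of column names, and the data value (the category id) is bound as a parameter.

```php
<?php
// Added example (not the application's own code): hardened handling of the
// `sort` parameter for the category listing in resources.php.
// Assumed schema: resources(id, name, created_at, category_id).

// Map request values to fixed column names and directions. Only the values on
// the right-hand side ever reach the query text.
const SORT_COLUMNS    = ['name' => 'name', 'date' => 'created_at'];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

function resolveSort(?string $sort, ?string $dir): array
{
    // Unknown or missing values fall back to a safe default instead of erroring.
    $column    = SORT_COLUMNS[$sort ?? ''] ?? SORT_COLUMNS['name'];
    $direction = SORT_DIRECTIONS[strtolower($dir ?? '')] ?? 'ASC';
    return [$column, $direction];
}

function fetchCategoryResources(PDO $pdo, int $categoryId, ?string $sort, ?string $dir): array
{
    [$column, $direction] = resolveSort($sort, $dir);
    // Identifiers come only from the constant maps above; the data value is bound.
    $sql  = "SELECT id, name, created_at FROM resources WHERE category_id = :cid "
          . "ORDER BY {$column} {$direction}";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':cid', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline. In the real
// application use its existing connection; for MySQL also set
// PDO::ATTR_EMULATE_PREPARES to false so the server prepares the statement.
function buildSampleDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE resources (id INTEGER PRIMARY KEY, name TEXT, created_at TEXT, category_id INTEGER)');
    $pdo->exec("INSERT INTO resources (name, created_at, category_id) VALUES
        ('Algebra notes', '2023-10-01', 1),
        ('Geometry quiz', '2023-10-05', 1),
        ('History outline', '2023-10-03', 2)");
    return $pdo;
}

// Request handling; the action name comes from this advisory's verification section.
if (PHP_SAPI === 'cli') {
    // Constructed request, standing in for $_GET when run from the command line.
    $_GET = ['action' => 'category', 'category_id' => '1', 'sort' => "1' OR '1'='1", 'dir' => 'desc'];
}
if (($_GET['action'] ?? '') === 'category') {
    $pdo        = buildSampleDatabase();
    $categoryId = filter_input(INPUT_GET, 'category_id', FILTER_VALIDATE_INT)
               ?: (int) ($_GET['category_id'] ?? 0);
    $rows = fetchCategoryResources($pdo, $categoryId, $_GET['sort'] ?? null, $_GET['dir'] ?? null);
    header('Content-Type: application/json');
    echo json_encode($rows, JSON_PRETTY_PRINT), "\n";
}
```

With the constructed request above, the injected sort value is not on the map, so the query silently falls back to ordering by name and returns only the rows for category 1; the quote and OR fragments never reach the database.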

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns in sort parameter

Input Validation Filter

all

Add PHP filter to restrict sort parameter to allowed values only

$allowed_sort = ['asc', 'desc', 'name', 'date'];
// Strict comparison; fall back when the parameter is missing or not on the allowlist
$sort = (isset($_GET['sort']) && in_array($_GET['sort'], $allowed_sort, true))
    ? $_GET['sort']
    : 'default';

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input validation
  • Implement network segmentation to limit database access from web server

🔍 How to Verify

Check if Vulnerable:

Test with payload: resources.php?action=category&sort=1' OR '1'='1

Check Version:

Check application version in admin panel or source code comments

Verify Fix Applied:

Attempt SQL injection payloads and verify they are rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests with SQL keywords in sort parameter
  • Requests with single quotes or SQL operators in sort parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns in GET parameters
  • Unusual database query patterns from web server IP

SIEM Query:

source="web_logs" AND (uri="*resources.php*" AND (param="*sort=*'*" OR param="*sort=*%27*" OR param="*sort=*OR*" OR param="*sort=*UNION*"))
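The following added example (not part of the advisory) applies the log indicators above to web server access logs: it parses Apache combined-format lines, percent-decodes the query string so that %27 is seen as a quote, checks the sort parameter of resources.php requests for quotes, OR, UNION and comment sequences, and counts hits per client so repeated probing stands out. The log lines are constructed for illustration; the regex patterns and the combined-log format are assumptions about the deployment.

```php
<?php
// Added example (not from the advisory): scan access logs for the indicators
// listed in the Detection & Monitoring section.

// Patterns applied to the decoded value of the `sort` parameter.
const SUSPICIOUS_SORT_PATTERNS = [
    'quote'   => "/'/",
    'or'      => '/\bOR\b/i',
    'union'   => '/\bUNION\b/i',
    'comment' => '~(--|#|/\*)~',
];

// Extract client IP, timestamp, method, path and status from an Apache combined log line.
function parseAccessLogLine(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4], 'status' => (int) $m[5]];
}

// Return the indicator names that fire for one request path, or [] if none.
function sortParamIndicators(string $path): array
{
    $script = parse_url($path, PHP_URL_PATH) ?? '';
    $query  = parse_url($path, PHP_URL_QUERY);
    if (!is_string($query) || !str_contains($script, 'resources.php')) {
        return [];
    }
    parse_str($query, $params);  // parse_str percent-decodes, so %27 becomes '
    $sort = $params['sort'] ?? null;
    if (!is_string($sort)) {
        return [];
    }
    $hits = [];
    foreach (SUSPICIOUS_SORT_PATTERNS as $name => $regex) {
        if (preg_match($regex, $sort)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Aggregate per client IP: number of suspicious requests, which indicators
// fired, and the HTTP statuses returned (500s point at SQL errors).
function scanAccessLog(array $lines): array
{
    $report = [];
    foreach ($lines as $line) {
        $entry = parseAccessLogLine($line);
        if ($entry === null) {
            continue;
        }
        $hits = sortParamIndicators($entry['path']);
        if ($hits === []) {
            continue;
        }
        $ip = $entry['ip'];
        $report[$ip]['count']      = ($report[$ip]['count'] ?? 0) + 1;
        $report[$ip]['indicators'] = array_values(array_unique(array_merge($report[$ip]['indicators'] ?? [], $hits)));
        $report[$ip]['statuses'][] = $entry['status'];
    }
    return $report;
}

// Constructed sample lines (not real traffic). Line 2 carries the payload from
// this advisory's verification section, percent-encoded as a browser would send it.
$sampleLog = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /resources.php?action=category&sort=date HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /resources.php?action=category&sort=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /resources.php?action=category&sort=1%20UNION%20SELECT%201 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?sort=%27 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
];

foreach (scanAccessLog($sampleLog) as $ip => $info) {
    printf("%s: %d suspicious request(s), indicators: %s, statuses: %s\n",
        $ip, $info['count'], implode(',', $info['indicators']), implode(',', $info['statuses']));
}
```

Only the client that sent quotes and SQL keywords to resources.php is reported; the legitimate sort=date request and the quote sent to a different script produce no entry, which mirrors the uri and param conditions of the SIEM query above.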

🔗 References