CVE-2017-15993 – This vulnerability allows attackers to execute ... (How to Fix)

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the 'resid' parameter in restaurant-menu.php in Zomato Clone Script. This affects all websites using this script without proper input validation. Attackers can potentially access, modify, or delete database content.

💻 Affected Systems

Products:

Zomato Clone Script

Versions: All versions prior to patching

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Any installation using the vulnerable restaurant-menu.php file is affected.

📦 What is this software?

Zomato Clone Script by Zomato Clone Script Project

View all CVEs affecting Zomato Clone Script →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, and potential remote code execution if database permissions allow.

🟠

Likely Case

Unauthorized data access, data manipulation, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, though SQL injection attempts may still be logged.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is typically internet-facing in web applications.

🏢 Internal Only: MEDIUM - Lower risk if application is internal-only, but still vulnerable to insider threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple SQL injection with publicly available exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Locate restaurant-menu.php file
2. Implement parameterized queries or input validation
3. Sanitize all user inputs
4. Test the fix thoroughly

🔧 Temporary Workarounds

Input Validation Workaround

all

Add input validation to check if resid parameter contains only numeric values

// PHP code to validate resid parameter
if (!is_numeric($_GET['resid'])) {
    die('Invalid input');
}

WAF Rule Implementation

linux

Implement web application firewall rules to block SQL injection patterns

# Example mod_security rule
SecRule ARGS:resid "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

Implement network segmentation to isolate the vulnerable system
Deploy a web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test the restaurant-menu.php endpoint with SQL injection payloads like: restaurant-menu.php?resid=1' OR '1'='1

Check Version:

Check script version in configuration files or documentation

Verify Fix Applied:

Attempt SQL injection tests and verify they are blocked or produce error messages without database interaction

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in application logs
Multiple failed parameter validation attempts
Suspicious patterns in resid parameter values

Network Indicators:

SQL keywords in HTTP GET parameters
Unusual database query patterns
Multiple rapid requests to restaurant-menu.php

SIEM Query:

source="web_logs" AND (uri="*restaurant-menu.php*" AND (param="*resid=*'*" OR param="*resid=*%27*" OR param="*resid=* OR *"))

📊 Metadata

CVE ID: CVE-2017-15993

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: October 31, 2017

Last Updated: April 20, 2025

🔗 References

https://www.exploit-db.com/exploits/43066/ Exploit,Third Party Advisory,VDB Entry
https://www.exploit-db.com/exploits/43066/ Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-15993, you might also want to check these: