CVE-2017-17570

9.8 CRITICAL

📋 TL;DR

CVE-2017-17570 is a critical SQL injection vulnerability in FS Expedia Clone 1.0 that allows attackers to execute arbitrary SQL commands via multiple parameters. This affects all users running this specific travel booking software, potentially leading to complete database compromise.

💻 Affected Systems

Products:
  • FS Expedia Clone
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable in default configuration via pages.php, content.php, or show-flight-result.php parameters.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database takeover, data exfiltration, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Database information disclosure, credential theft, and manipulation of booking/reservation data.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available with simple parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Replace with secure alternative software or implement custom fixes.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for id, fl_orig, and fl_dest parameters to allow only expected data types.

Web Application Firewall Rules

all

Deploy WAF rules to block SQL injection patterns targeting vulnerable parameters.

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test parameters with SQL injection payloads: pages.php?id=1' OR '1'='1 or show-flight-result.php?fl_orig=test' OR '1'='1

Check Version:

Check software version in admin panel or configuration files.

Verify Fix Applied:

Verify that the same SQL injection payloads no longer execute: the application should return an error or validation-failure page rather than database results.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple rapid requests with SQL syntax in parameters

Network Indicators:

  • HTTP requests containing SQL keywords in id, fl_orig, or fl_dest parameters

SIEM Query:

web.url:*pages.php* AND (web.param:*OR* OR web.param:*UNION* OR web.param:*SELECT*)
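As an added example (not part of this advisory or of the FS Expedia Clone code), the following Python implements the strict allowlist from the "Input Validation Filter" workaround for id, fl_orig and fl_dest and runs it over constructed access-log lines to flag the same requests the SIEM query above targets; the value shapes chosen for the three parameters and the log lines are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit
# The three pages and parameters named in the advisory. The value shapes are
# assumptions: a numeric id and short alphabetic origin/destination names.
VULNERABLE_PAGES = ("pages.php", "content.php", "show-flight-result.php")
EXPECTED = {
    "id": re.compile(r"^\d{1,10}$"),
    "fl_orig": re.compile(r"^[A-Za-z ]{1,40}$"),
    "fl_dest": re.compile(r"^[A-Za-z ]{1,40}$"),
}
# Tokens from the advisory's SIEM query plus quote and comment characters.
SQL_TOKENS = re.compile(r"\b(OR|AND|UNION|SELECT)\b|['\"]|--|/\*", re.I)
# Combined-log prefix: ip ident user [time] "METHOD url proto" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def validate_params(query):
    """Return (param, decoded value, reason) for each value failing the allowlist."""
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in EXPECTED:
            continue  # parameters the advisory does not name are not checked
        for value in values:
            if not EXPECTED[name].match(value):
                reason = "sql-token" if SQL_TOKENS.search(value) else "bad-format"
                findings.append((name, value, reason))
    return findings

def scan_log(text):
    """Alert on requests to a vulnerable page whose parameters fail validation."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        page = parts.path.rsplit("/", 1)[-1]
        if page in VULNERABLE_PAGES:
            findings = validate_params(parts.query)
            if findings:
                alerts.append({"ip": m.group("ip"), "page": page,
                               "status": int(m.group("status")), "findings": findings})
    return alerts

# Constructed sample access-log lines (not real traffic); the payloads are the
# ones quoted in the advisory's "Check if Vulnerable" section, URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2018:10:00:01 +0000] "GET /pages.php?id=3 HTTP/1.1" 200 5120
10.0.0.9 - - [10/Jan/2018:10:00:02 +0000] "GET /pages.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9811
10.0.0.9 - - [10/Jan/2018:10:00:03 +0000] "GET /show-flight-result.php?fl_orig=test%27%20OR%20%271%27%3D%271&fl_dest=LHR HTTP/1.1" 500 312
10.0.0.7 - - [10/Jan/2018:10:00:04 +0000] "GET /show-flight-result.php?fl_orig=JFK&fl_dest=LHR HTTP/1.1" 200 4400
"""
```

`scan_log(SAMPLE_LOG)` returns two alerts, both from 10.0.0.9; the allowlist check is the same one the application would apply before the value reaches the query.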

🔗 References
