CVE-2017-17574

9.8 CRITICAL

📋 TL;DR

CVE-2017-17574 is a critical SQL injection vulnerability in FS Care Clone 1.0 that allows attackers to execute arbitrary SQL commands via the searchJob.php script. This affects all organizations using this specific software version, potentially leading to complete database compromise. The vulnerability requires no authentication and has publicly available exploit code.

💻 Affected Systems

Products:
  • FS Care Clone
Versions: 1.0
Operating Systems: Any OS running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation. Requires PHP/MySQL environment with the vulnerable searchJob.php script accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution if database functions allow it.

🟠 Likely Case

Database information disclosure, data manipulation, and potential authentication bypass through SQL injection.

🟢 If Mitigated

Limited impact if proper input validation, parameterized queries, and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available. Simple HTTP requests with SQL injection payloads in jobType or jobFrequency parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider:
  1. Replace with alternative software
  2. Apply manual code fixes
  3. Implement workarounds

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add input validation and parameterized queries to searchJob.php

Edit searchJob.php to use prepared statements with parameterized queries

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection protection rules

Configure WAF to block SQL injection patterns in request parameters

🧯 If You Can't Patch

  • Block external access to searchJob.php via firewall rules or web server configuration
  • Implement network segmentation to isolate the vulnerable system from sensitive data

🔍 How to Verify

Check if Vulnerable:

Test searchJob.php with SQL injection payloads in jobType or jobFrequency parameters (e.g., ' OR '1'='1)

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Re-test with the same SQL injection payloads after applying the fixes. The application should return an error or show no database manipulation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts after SQL injection
  • HTTP requests with SQL keywords in parameters

Network Indicators:

  • HTTP requests containing SQL injection patterns to searchJob.php
  • Unusual database traffic patterns

SIEM Query:

source="web_logs" AND (uri="*searchJob.php*" AND (param="*jobType*" OR param="*jobFrequency*") AND (value="*OR*" OR value="*UNION*" OR value="*SELECT*"))
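The same detection logic applied to raw access logs, as an added example (not part of the original advisory or any vendor tooling). It URL-decodes parameter values before matching, so encoded and double-encoded payloads are caught, and it matches keywords on word boundaries so a benign value such as "Coordinator" does not trip the OR rule. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters the advisory names as injectable in searchJob.php.
WATCHED_PARAMS = {"jobtype", "jobfrequency"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Quote/comment metacharacters, or whole-word keywords from the SIEM query.
SQLI_RE = re.compile(r"""['"#]|--|/\*|\b(?:or|union|select)\b""", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /searchJob.php?jobType=Nurse&jobFrequency=Weekly HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /searchJob.php?jobType=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9000',
    '203.0.113.5 - - [01/Jan/2018:10:00:09 +0000] "GET /searchJob.php?jobType=Doctor&jobFrequency=1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 40',
    '192.0.2.44 - - [01/Jan/2018:10:01:00 +0000] "GET /searchJob.php?jobType=Coordinator HTTP/1.1" 200 300',
    '192.0.2.44 - - [01/Jan/2018:10:01:02 +0000] "GET /index.php?q=select HTTP/1.1" 200 120',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding (bounded) so %2527 is seen as a quote."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for each flagged parameter."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("searchjob.php"):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if name.lower() in WATCHED_PARAMS and SQLI_RE.search(value):
                hits.append((line.split()[0], name, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so parameters sent in a POST body need the same check applied to proxy or WAF logs that capture request bodies.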
