Login Sign Up

CVE-2017-17632

9.8 CRITICAL
SQL Injection

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands via the findcity.php q parameter in Responsive Events And Movie Ticket Booking Script 3.2.1. Attackers can potentially access, modify, or delete database content. All users running this specific version of the script are affected.

💻 Affected Systems

Products:
  • Responsive Events And Movie Ticket Booking Script
Versions: 3.2.1
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 3.2.1 regardless of configuration.

📦 What is this software?

Responsive Events And Movie Ticket Booking Script by Responsive Events And Movie Ticket Booking Script Project

View all CVEs affecting Responsive Events And Movie Ticket Booking Script →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠

Likely Case

Unauthorized data access and extraction of sensitive information like user credentials, payment details, and personal data.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available with simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add input validation to sanitize the q parameter before processing

Modify findcity.php to use prepared statements with parameterized queries

WAF Rule Implementation

all

Add web application firewall rules to block SQL injection patterns

Add WAF rule: SecRule ARGS:q "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system
  • Add strict input validation and output encoding in the application code

🔍 How to Verify

Check if Vulnerable:

Test by sending a crafted SQL injection payload to /findcity.php?q=test' OR '1'='1

Check Version:

Check script version in admin panel or configuration files

Verify Fix Applied:

Test with SQL injection payloads and verify they are rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts from single IP
  • HTTP requests with SQL keywords in q parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns in URL parameters
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (url="*findcity.php*" AND (param="*q=*' OR*" OR param="*q=*' UNION*" OR param="*q=*' SELECT*"))

📊 Metadata

CVE ID: CVE-2017-17632
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: December 13, 2017
Last Updated: April 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-17632, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)