CVE-2017-17870 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2017-17870?

CVE-2017-17870 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to execute arbitrary SQL commands through the JBuildozer extension in Joomla! via the appid parameter. It affects Joomla! sites using JBuildozer extension version 1.4.1. Successful exploitation could lead to data theft, modification, or complete system compromise.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the JBuildozer extension in Joomla! via the appid parameter. It affects Joomla! sites using JBuildozer extension version 1.4.1. Successful exploitation could lead to data theft, modification, or complete system compromise.

💻 Affected Systems

Products:

JBuildozer extension for Joomla!

Versions: 1.4.1

Operating Systems: All platforms running Joomla!

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Joomla! installations with JBuildozer extension version 1.4.1 installed and enabled.

📦 What is this software?

Jbuildozer by Jbuildozer

View all CVEs affecting Jbuildozer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized access to sensitive data stored in the database, including user credentials, personal information, and site configuration.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - Joomla! sites are typically internet-facing, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal Joomla! sites could still be targeted by internal threats or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available and requires no authentication. Attackers can directly target the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.2 or later

Vendor Advisory: https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection

Restart Required: No

Instructions:

1. Update JBuildozer extension to version 1.4.2 or later via Joomla! Extension Manager. 2. Verify the update completed successfully. 3. Test the entriessearch functionality to ensure it works without errors.

🔧 Temporary Workarounds

Disable JBuildozer extension

all

Temporarily disable the vulnerable extension until patching is possible.

Navigate to Joomla! admin panel > Extensions > Manage > Disable JBuildozer

Web Application Firewall (WAF) rules

all

Implement WAF rules to block SQL injection attempts targeting the appid parameter.

Add WAF rule: Block requests containing SQL injection patterns in appid parameter

🧯 If You Can't Patch

Implement input validation and sanitization for the appid parameter in the entriessearch action.
Use parameterized queries or prepared statements for all database interactions involving user input.

🔍 How to Verify

Check if Vulnerable:

Check Joomla! admin panel > Extensions > Manage > JBuildozer version. If version is 1.4.1, the system is vulnerable.

Check Version:

Check via Joomla! admin interface or examine /administrator/components/com_jbuildozer/jbuildozer.xml file version tag.

Verify Fix Applied:

Verify JBuildozer version is 1.4.2 or later in the Joomla! Extension Manager.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts after SQL injection
Unexpected database errors in Joomla! logs

Network Indicators:

HTTP requests with SQL injection patterns in appid parameter
Unusual traffic to /index.php?option=com_jbuildozer&task=entriessearch

SIEM Query:

source="web_logs" AND (uri="*com_jbuildozer*entriessearch*" AND (param="*appid=*UNION*" OR param="*appid=*SELECT*" OR param="*appid=*OR*"))

📊 Metadata

CVE ID: CVE-2017-17870

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: December 27, 2017

Last Updated: April 20, 2025

🔗 References

https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection Third Party Advisory
https://www.exploit-db.com/exploits/43323/ Exploit,Third Party Advisory,VDB Entry
https://vel.joomla.org/vel-blog/2046-jbuildozer-1-4-1-sql-injection Third Party Advisory
https://www.exploit-db.com/exploits/43323/ Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-17870, you might also want to check these: