CVE-2017-17931

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the username parameter in forget.php in PHP Scripts Mall Resume Clone Script. It affects all users running vulnerable versions of this software, potentially leading to unauthorized database access.

💻 Affected Systems

Products:
  • PHP Scripts Mall Resume Clone Script
Versions: All versions prior to patched version (specific version unknown)
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using the default forget.php script without modifications.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, and potential remote code execution via database functions.

🟠

Likely Case

Unauthorized access to sensitive resume data, user credentials, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH - The forget.php script is typically internet-facing for password reset functionality.
🏢 Internal Only: MEDIUM - Lower risk if application is internal-only, but still vulnerable to insider threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET/POST parameter requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact PHP Scripts Mall for an updated version.
2. If unavailable, manually patch forget.php by implementing parameterized queries.
3. Replace raw SQL with prepared statements using mysqli or PDO.
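The following is an added example, not the vendor's forget.php: it shows the password-reset lookup written the vulnerable way (string concatenation) next to the hardened form that step 3 calls for, with both a mysqli and a PDO variant. The table name users and the columns username and email are assumptions, since the advisory does not show the script's schema; the allowed-character rule for usernames is likewise an assumption to be adjusted to the application.

```php
<?php
// Added example (not the vendor's code). Schema and username rules are assumptions.
declare(strict_types=1);

/**
 * Vulnerable pattern: the username is concatenated into the SQL text, so a
 * quote in the input changes the query's structure (CWE-89).
 */
function findUserVulnerable(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, email FROM users WHERE username = '" . $username . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

/**
 * Hardened pattern (mysqli): the query text is fixed at prepare time and the
 * username is sent as a bound parameter, never as part of the SQL grammar.
 */
function findUserSafe(mysqli $db, string $username): ?array
{
    // Cheap allow-list check before touching the database. The character set
    // is an assumption; use the application's real username rules.
    if (!preg_match('/^[A-Za-z0-9_.@-]{1,64}$/', $username)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

/**
 * Same hardened pattern with PDO, which the official instructions also mention.
 */
function findUserPdo(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Usage (connection details are placeholders, not values from the advisory):
// $db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'resume_db');
// $db->set_charset('utf8mb4');
// $user = findUserSafe($db, $_POST['username'] ?? '');
```

When using PDO, set PDO::ATTR_EMULATE_PREPARES to false so the MySQL server, not the client library, performs the parameter binding; the allow-list check in findUserSafe is defence in depth and is not what makes the query safe, the prepared statement is.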

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Add input validation and sanitization to forget.php username parameter

Edit forget.php and add: $username = mysqli_real_escape_string($connection, $_POST['username']);

WAF Rule Implementation

Applies to: all

Deploy web application firewall rules to block SQL injection patterns

ModSecurity rule: SecRule ARGS:username "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Disable forget.php functionality and implement alternative password reset mechanism
  • Implement network segmentation and restrict access to database server

🔍 How to Verify

Check if Vulnerable:

Test forget.php with SQL injection payload: username=admin' OR '1'='1

Check Version:

Check script version in admin panel or configuration files

Verify Fix Applied:

Test with same payload after fix - should return error or no data

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed password reset attempts with SQL patterns

Network Indicators:

  • HTTP requests to forget.php containing SQL keywords (UNION, SELECT, etc.)

SIEM Query:

source="web_logs" AND uri="/forget.php" AND (username="*'*" OR username="*UNION*" OR username="*SELECT*")
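As an added example that is not part of the advisory, the following PHP script applies the same indicator as the SIEM query above to Apache-style access-log lines: requests to /forget.php whose username value contains a single quote, UNION or SELECT. The log format and the four sample entries are constructed for the example.

```php
<?php
// Added example (not part of the advisory). Log lines below are constructed.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Jan/2018:10:00:01 +0000] "GET /forget.php?username=alice HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2018:10:00:05 +0000] "GET /forget.php?username=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2048
203.0.113.9 - - [10/Jan/2018:10:00:09 +0000] "GET /forget.php?username=x%27%20UNION%20SELECT%201,2 HTTP/1.1" 500 310
203.0.113.9 - - [10/Jan/2018:10:00:12 +0000] "GET /index.php?q=SELECT HTTP/1.1" 200 900
LOG;

/**
 * Returns the log lines that match the advisory's network indicator: a request
 * to /forget.php whose (URL-decoded) username parameter contains a quote or an
 * SQL keyword. Other paths are ignored even if they carry SQL keywords.
 */
function suspiciousForgetRequests(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Pull the request target out of the quoted request line.
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP/', $line, $m)) {
            continue;
        }
        $path = parse_url($m[1], PHP_URL_PATH);
        if ($path !== '/forget.php') {
            continue;
        }
        // parse_str() URL-decodes, so %27 becomes a literal quote.
        parse_str((string) parse_url($m[1], PHP_URL_QUERY), $params);
        $username = (string) ($params['username'] ?? '');
        if (preg_match('/\'|\bUNION\b|\bSELECT\b/i', $username)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Usage: the second and third sample lines are flagged, the others are not.
print_r(suspiciousForgetRequests(SAMPLE_LOG));
```

Access logs record the query string only, so POST submissions to forget.php are not visible to this filter; for those, the application-log indicators above (SQL errors, repeated reset attempts) or request-body logging at the WAF are the place to look.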
