CVE-2018-17382
📋 TL;DR
This vulnerability allows SQL injection through the filter_letter parameter of the Jobs Factory 2.0.4 component for Joomla!. An attacker can execute arbitrary SQL commands against the site's database, potentially compromising it. All Joomla! installations running the vulnerable Jobs Factory component are affected.
💻 Affected Systems
- Joomla! Jobs Factory component
📦 What is this software?
Jobs Factory by Thephpfactory
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.
Likely Case
Database information disclosure, authentication bypass, and data manipulation leading to site compromise.
If Mitigated
Limited impact with proper input validation, parameterized queries, and WAF protection in place.
🎯 Exploit Status
Public exploit code is available; the injection is a simple HTTP parameter manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.5 or later
Vendor Advisory: https://extensions.joomla.org/extension/jobs-factory/
Restart Required: No
Instructions:
1. Update the Jobs Factory component to version 2.0.5 or later via the Joomla! Extension Manager.
2. Verify the component version in the Joomla! backend.
3. Test functionality after the update.
🔧 Temporary Workarounds
Input Validation Filter
Add input validation to the filter_letter parameter so it only accepts expected values
Modify component code to validate filter_letter parameter
WAF Rule Implementation
Implement web application firewall rules to block SQL injection patterns
Add WAF rule: Detect SQL injection in filter_letter parameter
🧯 If You Can't Patch
- Disable or remove the Jobs Factory component entirely
- Implement strict input validation and parameterized queries in custom code
🔍 How to Verify
Check if Vulnerable:
In the Joomla! backend, go to Extensions > Manage > Manage and check whether Jobs Factory is version 2.0.4 or earlier
Check Version:
In the Joomla! backend, go to Extensions > Manage > Manage and find Jobs Factory to read its version
Verify Fix Applied:
Verify Jobs Factory component version is 2.0.5 or later in Joomla! backend
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple requests with SQL-like patterns in filter_letter parameter
- Error logs showing SQL syntax errors
Network Indicators:
- HTTP requests containing SQL keywords in filter_letter parameter
- Unusual database connection patterns from web server
SIEM Query:
web_requests WHERE url_parameter CONTAINS 'filter_letter' AND (parameter_value CONTAINS 'UNION' OR parameter_value CONTAINS 'SELECT' OR parameter_value CONTAINS 'OR 1=1')
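As an added example (not code from the advisory or the Jobs Factory project), the following Python scans constructed access-log lines for the filter_letter indicators listed above and also applies the single-letter allowlist from the Input Validation Filter workaround, so values that carry none of the listed keywords but still fall outside the expected set are surfaced; the log format, the allowlist and the component's URL parameters are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote_plus
# Constructed sample access-log lines (not real traffic): a benign A-Z index
# request, two matching the advisory's SIEM patterns, one out-of-allowlist
# value, and one unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Oct/2018:10:00:01 +0000] "GET /index.php?option=com_jobsfactory&filter_letter=A HTTP/1.1" 200 5120
203.0.113.11 - - [01/Oct/2018:10:00:02 +0000] "GET /index.php?option=com_jobsfactory&filter_letter=A'%20OR%201=1-- HTTP/1.1" 200 5120
203.0.113.12 - - [01/Oct/2018:10:00:03 +0000] "GET /index.php?option=com_jobsfactory&filter_letter=A'%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 312
203.0.113.13 - - [01/Oct/2018:10:00:04 +0000] "GET /index.php?option=com_jobsfactory&filter_letter=AB HTTP/1.1" 200 5120
203.0.113.14 - - [01/Oct/2018:10:00:05 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 8000
"""

# Combined-log request line: client IP, method, request target, HTTP status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Assumed allowlist: the letter index only ever needs a single A-Z value.
ALLOWLIST_RE = re.compile(r'^[A-Za-z]$')

# The three patterns from the advisory's SIEM query, as word-bounded regexes.
SQLI_PATTERNS = [re.compile(p, re.I) for p in
                 (r'\bUNION\b', r'\bSELECT\b', r'\bOR\s+1\s*=\s*1\b')]

def is_valid_filter_letter(value):
    """Allowlist check mirroring the 'Input Validation Filter' workaround."""
    return bool(ALLOWLIST_RE.match(value))

def classify(value):
    """'sqli' on a known pattern, 'unexpected' if outside the allowlist
    (catches payloads the keyword list misses), otherwise 'ok'."""
    if any(p.search(value) for p in SQLI_PATTERNS):
        return 'sqli'
    return 'ok' if is_valid_filter_letter(value) else 'unexpected'

def scan_log(text):
    """Return (ip, status, decoded_value, verdict) for each request that
    carries a filter_letter parameter; other requests are skipped."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlparse(m['target']).query, keep_blank_values=True)
        for raw in query.get('filter_letter', []):
            # parse_qs decoded once; a second pass exposes double-encoded payloads
            value = unquote_plus(raw)
            findings.append((m['ip'], int(m['status']), value, classify(value)))
    return findings
```

Feed it a real access log and route every 'sqli' or 'unexpected' finding to the alerting pipeline; the 500 status on the UNION request is the kind of SQL-syntax-error signal the Log Indicators section describes.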