CVE-2018-17399

9.8 CRITICAL

📋 TL;DR

This vulnerability allows SQL injection attacks through the 'id' parameter in the Jimtawl 2.2.7 component for Joomla!. Attackers can execute arbitrary SQL commands, potentially compromising the database. All Joomla! installations using the vulnerable Jimtawl component are affected.

💻 Affected Systems

Products:
  • Joomla! with Jimtawl component
Versions: Jimtawl 2.2.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Joomla! installation with Jimtawl component enabled and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠 Likely Case

Database information disclosure, authentication bypass, or data manipulation leading to site defacement or user data exposure.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jimtawl version after 2.2.7

Vendor Advisory: https://www.exploit-db.com/exploits/45524

Restart Required: No

Instructions:

1. Update the Jimtawl component to the latest version.
2. If no update is available, remove or disable the component.
3. Apply Joomla! security patches if available.

🔧 Temporary Workarounds

Input Validation Filter (Platform: all)

Implement input validation to sanitize the 'id' parameter before processing.

Modify the component code to validate the 'id' parameter as an integer using PHP filter_var($id, FILTER_VALIDATE_INT).

Web Application Firewall (Platform: all)

Deploy a WAF with SQL injection protection rules.

Configure the WAF to block SQL injection patterns in URL parameters.
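The input validation workaround above, shown as an added example that is neither Jimtawl's code nor taken from this page: a request handler that concatenates the raw 'id' parameter into SQL sits beside one that validates it with filter_var and binds it through a prepared statement. The table name, columns and sample rows are constructed assumptions, and PDO with an in-memory SQLite database stands in for Joomla!'s database layer so the script runs stand-alone with plain PHP.

```php
<?php
// Added example (not Jimtawl's code): validate the 'id' request parameter and
// query with a prepared statement, beside the pattern that leads to injection.
declare(strict_types=1);

// Constructed sample data; table name and columns are assumptions.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
    $db->exec("INSERT INTO items VALUES (1, 'public item', 1), (2, 'hidden item', 0)");
    return $db;
}

// Vulnerable pattern (for contrast only): the raw parameter becomes part of the
// SQL text, so a value containing an OR clause rewrites the WHERE condition and
// the published filter no longer applies.
function fetchItemUnsafe(PDO $db, string $id): array
{
    $sql = "SELECT id, title FROM items WHERE published = 1 AND id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not a positive integer before any
// SQL is built (the filter_var workaround), then bind the value as a typed
// parameter so the database never parses it as SQL.
function fetchItemSafe(PDO $db, string $id): array
{
    $validId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($validId === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, title FROM items WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $validId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$tampered = '1 OR 1=1';   // constructed input shaped like a tampered request parameter

// Unsafe path: the unpublished row is returned as well.
echo 'unsafe rows: ' . count(fetchItemUnsafe($db, $tampered)) . "\n";

// Safe path: the input is rejected before any query exists.
try {
    fetchItemSafe($db, $tampered);
} catch (InvalidArgumentException $e) {
    echo 'safe path rejected input: ' . $e->getMessage() . "\n";
}

// Ordinary use is unaffected.
echo 'safe rows for id=1: ' . count(fetchItemSafe($db, '1')) . "\n";
```

Both halves of the fix matter: validation alone leaves other parameters exposed if they are still concatenated, and a prepared statement alone still accepts nonsensical ids. In a real Joomla! component the same shape is obtained from the framework's input and database APIs, but the principle of type-checking first and binding second is unchanged.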

🧯 If You Can't Patch

  • Disable or remove the Jimtawl component entirely
  • Implement network segmentation to restrict access to vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check Joomla! extensions manager for Jimtawl component version 2.2.7.

Check Version:

Check Joomla! administrator panel → Extensions → Manage → Components → Jimtawl

Verify Fix Applied:

Verify Jimtawl component version is updated beyond 2.2.7 and test 'id' parameter with SQL injection payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in logs
  • Multiple requests with SQL-like patterns in 'id' parameter
  • Failed login attempts from unexpected sources

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in URL parameters
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (url="*id=*SELECT*" OR url="*id=*UNION*" OR url="*id=*OR*" OR url="*id=*AND*")
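The detection idea behind the SIEM query above, as an added example that is not part of this page or of any SIEM product: it parses constructed web-server log lines, pulls out the decoded 'id' query parameter, and flags values that are not plain integers and carry SQL keywords, quotes or comment sequences as whole tokens. Word-bounded matching is used deliberately, because the bare "*id=*OR*" and "*id=*AND*" globs in the query also match harmless requests such as "id=5&sort=title". The log lines, client addresses and the com_jimtawl URL shape are constructed assumptions.

```php
<?php
// Added example (not the page's query): flag log lines whose 'id' parameter
// looks like SQL rather than an integer, using word-bounded keyword matching.
declare(strict_types=1);

// Constructed sample lines in common log format; not real traffic.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Oct/2018:12:00:01 +0000] "GET /index.php?option=com_jimtawl&id=12 HTTP/1.1" 200 5123
203.0.113.5 - - [10/Oct/2018:12:00:02 +0000] "GET /index.php?option=com_jimtawl&id=12&sort=title HTTP/1.1" 200 5123
198.51.100.7 - - [10/Oct/2018:12:00:03 +0000] "GET /index.php?option=com_jimtawl&id=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 412
198.51.100.7 - - [10/Oct/2018:12:00:04 +0000] "GET /index.php?option=com_jimtawl&id=12%20OR%201%3D1 HTTP/1.1" 200 9870
198.51.100.7 - - [10/Oct/2018:12:00:05 +0000] "GET /index.php?option=com_jimtawl&id=12' HTTP/1.1" 500 412
LOG;

// Returns the URL-decoded value of the 'id' query parameter, or null if absent.
function extractIdParam(string $line): ?string
{
    if (!preg_match('~"(?:GET|POST) (\S+) HTTP/~', $line, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);   // decodes %20, %3D and friends
    return isset($params['id']) ? (string) $params['id'] : null;
}

// A plain integer is the only legitimate shape for this parameter. Anything
// else is suspicious when it contains SQL keywords as whole words, quote
// characters, or SQL comment openers.
function isSuspiciousId(string $id): bool
{
    if (preg_match('~^\d+$~', $id)) {
        return false;
    }
    return (bool) preg_match('~\b(?:select|union|or|and|sleep|benchmark)\b|[\'"]|--|/\*~i', $id);
}

// Scans a multi-line log and returns the client IP and offending value per hit.
function scanLog(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $id = extractIdParam($line);
        if ($id !== null && isSuspiciousId($id)) {
            $hits[] = ['ip' => strtok($line, ' '), 'id' => $id];
        }
    }
    return $hits;
}

foreach (scanLog(SAMPLE_LOG) as $hit) {
    printf("%s  id=%s\n", $hit['ip'], $hit['id']);
}
```

With the sample above the first two lines pass (both carry id=12; the "sort" parameter is parsed separately rather than matched as a substring), and the three lines from the second address are flagged. Decoding before matching is the important detail: a glob over the raw URL misses encoded keywords, while parse_str sees the same value the application sees. A surge of 500 responses on the same endpoint is a useful corroborating signal for the "unusual SQL error messages" indicator listed above.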
