CVE-2018-6024
📋 TL;DR
CVE-2018-6024 is a critical SQL injection vulnerability in the Project Log 1.5.3 component for Joomla! that allows attackers to execute arbitrary SQL commands via the search parameter. This affects all Joomla! installations using the vulnerable Project Log component. Attackers can potentially access, modify, or delete database content.
💻 Affected Systems
- Joomla! Project Log component
📦 What is this software?
Project Log by Thethinkery
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection into remote code execution.
Likely Case
Unauthorized database access allowing extraction of sensitive information like user credentials, personal data, or administrative access.
If Mitigated
Limited impact: proper input validation, parameterized queries, and restrictive database permissions confine any damage to non-critical data.
🎯 Exploit Status
Multiple public exploit scripts available, requiring minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Project Log 1.5.4 or later
Vendor Advisory: https://www.joomla.org/announcements/release-news/
Restart Required: No
Instructions:
1. Update the Project Log component to version 1.5.4 or later via the Joomla! Extension Manager.
2. Alternatively, remove the vulnerable component entirely if it is not needed.
3. Update the Joomla! core to the latest version for additional security.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize the search parameter before it reaches the database query.
Modify the component's PHP files so the raw search value is never interpolated into SQL unquoted, for example with Joomla's database quoting: $search = $db->quote($search);
Web Application Firewall Rule
Block SQL injection patterns in the search parameter.
WAF rule: Block requests containing SQL keywords (UNION, SELECT, INSERT, etc.) in the search parameter
🧯 If You Can't Patch
- Disable or remove the Project Log component entirely from Joomla! installation
- Implement network segmentation and restrict access to Joomla! administration interface
🔍 How to Verify
Check if Vulnerable:
Check the Joomla! Extension Manager for the Project Log component version. If the version is 1.5.3, the system is vulnerable.
Check Version:
Check via Joomla! admin panel: Extensions → Manage → Manage → Search for 'Project Log'
Verify Fix Applied:
Confirm that the Project Log component version is 1.5.4 or later in the Joomla! Extension Manager.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in Joomla! logs
- Multiple failed login attempts following SQL injection patterns
- Unexpected database queries containing UNION, SELECT, or DROP statements
Network Indicators:
- HTTP requests with SQL injection payloads in search parameter
- Unusual database connection patterns from web server
SIEM Query:
web.url:*search=* AND (web.url:*UNION* OR web.url:*SELECT* OR web.url:*INSERT* OR web.url:*DROP*)
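The WAF rule and the SIEM query above both match SQL keywords in the search parameter of the raw request URL. The following Python script is an added example, not part of the original advisory, that applies the same keyword logic to web-server access logs but after URL decoding and case-insensitively, so that percent-encoded or mixed-case variants of UNION/SELECT are not missed, and it separates keyword-only hits (which can be ordinary search text) from hits that also carry a quote or SQL comment sequence. The log lines, IP addresses and the com_projectlog parameter names are constructed sample data; the log format is assumed to be the common Apache/nginx combined format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Keywords named by the advisory's WAF rule and SIEM query.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DROP")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Quote characters and comment openers that ordinary search text rarely contains.
SQL_SYNTAX_RE = re.compile(r"""['"`]|--|/\*""")

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (assumed combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2018:10:01:02 +0000] "GET /index.php?option=com_projectlog&view=projects&search=roadmap HTTP/1.1" 200 5120
203.0.113.11 - - [12/Mar/2018:10:01:05 +0000] "GET /index.php?option=com_projectlog&view=projects&search=%27%20UNION%20SELECT%201%2C2%2C3--%20 HTTP/1.1" 200 7321
203.0.113.12 - - [12/Mar/2018:10:01:09 +0000] "GET /index.php?option=com_projectlog&view=projects&search=%27+uNiOn+sEleCt+1--+ HTTP/1.1" 200 7321
203.0.113.13 - - [12/Mar/2018:10:01:11 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 3002
203.0.113.14 - - [12/Mar/2018:10:01:15 +0000] "GET /index.php?option=com_projectlog&search=select+your+union+rep HTTP/1.1" 200 5120
"""


def extract_search(line):
    """Return the URL-decoded value of the search parameter for one log line,
    or None if the line has no parsable request or no search parameter."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("search")
    if not values:
        return None
    # parse_qs already percent-decodes once and turns '+' into spaces; decoding
    # a second time also normalises double-encoded payloads such as %2527.
    return unquote_plus(values[0])


def classify(search):
    """Classify a decoded search value:
    'none'   - no SQL keyword present
    'weak'   - keyword only; may be ordinary text (review before alerting)
    'strong' - keyword together with a quote or comment sequence."""
    if not KEYWORD_RE.search(search):
        return "none"
    if SQL_SYNTAX_RE.search(search):
        return "strong"
    return "weak"


def scan_log(text):
    """Return (client_ip, decoded_search, verdict) for every request whose
    search parameter contains a SQL keyword, mirroring the advisory's SIEM
    query but after URL decoding and case-insensitive matching."""
    hits = []
    for line in text.splitlines():
        search = extract_search(line)
        if search is None:
            continue
        verdict = classify(search)
        if verdict != "none":
            hits.append((line.split()[0], search, verdict))
    return hits


if __name__ == "__main__":
    for ip, search, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:6} {ip:15} search={search!r}")
```

Running the script flags the two encoded injection attempts as strong hits and the natural-language query containing "select" and "union" as a weak hit only. The raw SIEM query on the page would miss the first two entirely if the engine compares the undecoded URL, and would alert on the third with the same weight as a real attack, so decode before matching and treat keyword-only matches as candidates for review rather than alerts.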