CVE-2018-6372

9.8 CRITICAL

📋 TL;DR

This vulnerability allows SQL injection through the order_number parameter of the JB Bus 2.3 component for Joomla!. Attackers can execute arbitrary SQL commands to steal, modify, or delete database content. All Joomla! installations using the JB Bus 2.3 component are affected.

💻 Affected Systems

Products:
  • Joomla! JB Bus component
Versions: Version 2.3
Operating Systems: All operating systems running Joomla!
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Joomla! installations with JB Bus 2.3 component enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, modification, deletion, and potential remote code execution via database functions.

🟠 Likely Case

Data exfiltration of sensitive information, privilege escalation, and database manipulation.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and vulnerable to automated scanning/exploitation.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to JB Bus component version 2.4 or later

Vendor Advisory: https://extensions.joomla.org/extension/jb-bus/

Restart Required: No

Instructions:

1. Log into the Joomla! admin panel.
2. Navigate to Extensions > Manage > Update.
3. Update the JB Bus component to the latest version.
4. Alternatively, download the latest version from the Joomla! extensions directory and install it manually.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

  • Add input validation to sanitize the order_number parameter before processing
  • Implement parameterized queries or prepared statements in the PHP code

Web Application Firewall Rule (applies to: all)

  • Block SQL injection patterns in the order_number parameter
  • Add a WAF rule that detects and blocks SQL keywords in the order_number parameter

🧯 If You Can't Patch

  • Disable JB Bus component entirely if not required
  • Implement network segmentation to restrict access to vulnerable application

🔍 How to Verify

Check if Vulnerable:

Check Joomla! extensions manager for JB Bus component version 2.3

Check Version:

Check Joomla! admin panel: Extensions > Manage > Manage

Verify Fix Applied:

Confirm JB Bus component version is 2.4 or higher in extensions manager

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts after SQL injection
  • Unexpected database schema changes

Network Indicators:

  • HTTP requests with SQL keywords in order_number parameter
  • Abnormal database connection patterns from web server

SIEM Query:

source="web_logs" AND (order_number CONTAINS "UNION" OR order_number CONTAINS "SELECT" OR order_number CONTAINS "INSERT")
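The SIEM query above matches literal, upper-case keywords only. As an added example (not part of this advisory), the script below applies the same three-keyword check to constructed web-server log lines, but URL-decodes and upper-cases the order_number value first so that percent-encoded or lowercase variants are not missed; the request path and the com_jbbus component name in the sample lines are assumptions, not taken from the advisory.

```python
"""Flag web-log lines whose order_number parameter carries SQL keywords.

Added example: mirrors the advisory's SIEM query (UNION / SELECT / INSERT
in order_number) but normalises the value before matching.
"""
import re
from urllib.parse import urlparse, parse_qs, unquote

# Keywords taken from the advisory's SIEM query.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT")

# Constructed sample log lines (common log format); the path and component
# name are assumptions for illustration only.
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/Feb/2018:10:00:01 +0000] "GET /index.php?option=com_jbbus&order_number=1042 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Feb/2018:10:00:02 +0000] "GET /index.php?option=com_jbbus&order_number=1042%27%20UNION%20SELECT%201 HTTP/1.1" 200 880',
    '203.0.113.9 - - [01/Feb/2018:10:00:03 +0000] "GET /index.php?option=com_jbbus&order_number=1042%27%20union%20select%201 HTTP/1.1" 200 880',
    '203.0.113.11 - - [01/Feb/2018:10:00:04 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 2048',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def order_number_values(log_line):
    """Return the decoded order_number values found in a log line's request URL."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    params = parse_qs(urlparse(m.group(1)).query, keep_blank_values=True)
    # parse_qs percent-decodes once; decode again to catch double encoding.
    return [unquote(v) for v in params.get("order_number", [])]


def is_suspicious(log_line, keywords=SQL_KEYWORDS):
    """True if any order_number value contains a keyword, case-insensitively."""
    return any(kw in v.upper() for v in order_number_values(log_line) for kw in keywords)


def flag_lines(lines):
    """Return the indices of the lines this detection would alert on."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]


if __name__ == "__main__":
    for i in flag_lines(SAMPLE_LOGS):
        print("ALERT:", SAMPLE_LOGS[i])
```

The third sample line (lowercase, percent-encoded) is flagged here but would slip past the literal SIEM query as written, which is the gap this normalisation step closes.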
