CVE-2020-35613 – This SQL injection vulnerability in Joomla's ba... (How to Fix)

Q: What is the severity of CVE-2020-35613?

CVE-2020-35613 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in Joomla's backend user list allows authenticated attackers to execute arbitrary SQL commands. It affects Joomla installations from version 3.0.0 through 3.9.22. Attackers with backend access can potentially extract, modify, or delete database content.

📋 TL;DR

This SQL injection vulnerability in Joomla's backend user list allows authenticated attackers to execute arbitrary SQL commands. It affects Joomla installations from version 3.0.0 through 3.9.22. Attackers with backend access can potentially extract, modify, or delete database content.

💻 Affected Systems

Products:

Joomla

Versions: 3.0.0 through 3.9.22

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires backend access to exploit. All Joomla installations in affected version range are vulnerable.

📦 What is this software?

Joomla\! by Joomla

View all CVEs affecting Joomla\! →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, or complete system takeover via subsequent attacks.

🟠

Likely Case

Unauthorized data access, user credential theft, and potential privilege escalation within the Joomla application.

🟢

If Mitigated

Limited impact with proper access controls, though SQL injection remains a serious vulnerability.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated backend access. SQL injection techniques are well-documented and weaponization is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.9.23

Vendor Advisory: https://developer.joomla.org/security-centre/831-20201104-core-sql-injection-in-com-users-list-view.html

Restart Required: No

Instructions:

1. Backup your Joomla installation and database. 2. Update Joomla to version 3.9.23 or later via the Joomla Update component. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict Backend Access

all

Limit backend access to trusted IP addresses only

# Configure web server (Apache example) to restrict /administrator access
<Location /administrator>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
</Location>

🧯 If You Can't Patch

Implement strict input validation and parameterized queries for all user inputs
Apply web application firewall rules to block SQL injection patterns

🔍 How to Verify

Check if Vulnerable:

Check Joomla version in System Information or via version.php file. If version is between 3.0.0 and 3.9.22, system is vulnerable.

Check Version:

grep -i 'RELEASE' /path/to/joomla/administrator/manifests/files/joomla.xml | head -1

Verify Fix Applied:

Verify Joomla version is 3.9.23 or later. Check that the patch has been applied by reviewing the changelog.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts followed by backend access
Suspicious user agent strings in access logs

Network Indicators:

SQL injection patterns in HTTP requests to /administrator
Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/administrator/*" AND (query="*SELECT*" OR query="*UNION*" OR query="*INSERT*" OR query="*UPDATE*")

📊 Metadata

CVE ID: CVE-2020-35613

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: December 28, 2020

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35613, you might also want to check these: