CVE-2017-20277

Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.8EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

19 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Joomboost · Joomla JoomRecipe

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/42347unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://joomboost.com/https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/https://www.exploit-db.com/exploits/42347 https://www.vulncheck.com/advisories/joomla-joomrecipe-component-blind-sql-injection-via-search-author