← back
CVE-2017-8917

CVE-2017-8917

EPSS 99.8%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 99.8%KEV nãoPoC públicaNuclei simMetasploit simPatch
Lifecycle
17 May 2017Metasploit module available
17 May 2017Published on NVD
19 May 2017Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Affected products
n/a · n/a
public PoCs found15
githubgithub.com/stefanlucas/Exploit-Joomla67githubgithub.com/brianwrf/Joomla3.7-SQLi-CVE-2017-89177githubgithub.com/AkuCyberSec/CVE-2017-8917-Joomla-370-SQL-Injection2githubgithub.com/BaptisteContreras/CVE-2017-8917-Joomla2githubgithub.com/ztrxwzy/joomla.3.7.0exploit1githubgithub.com/yayateayayatea/cve-2017-89170githubgithub.com/gloliveira1701/Joomblah0githubgithub.com/cved-sources/cve-2017-89170githubgithub.com/gmohlamo/CVE-2017-89170githubgithub.com/Siopy/CVE-2017-89170githubgithub.com/ionutbaltariu/joomla_CVE-2017-89170exploitdbwww.exploit-db.com/exploits/44358unverifiedcve_referencewww.exploit-db.com/exploits/44358/unverifiedexploitdbwww.exploit-db.com/exploits/42033unverifiedcve_referencewww.exploit-db.com/exploits/42033/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.htmlhttps://www.exploit-db.com/exploits/42033/https://www.exploit-db.com/exploits/44358/http://www.securityfocus.com/bid/98515http://www.securitytracker.com/id/1038522