CVE-2017-8917 – Easily Exploitable Joomla SQL Flaw

CVE-2017-8917 is a Joomla vulnerability just disclosed by Sucuri researchers. During regular research audits, the researchers discovered an SQL injection flaw affecting Joomla! 3.7. The flaw is easily exploitable because it doesn’t require a privileged account on the target’s site.

Related Story: WordPress Bug Bounty Program Interested in XSS, RCE, SQL Flaws

More about CVE-2017-8917

The flaw is triggered by a new component identified as com_fields, introduced in version 3.7. Admins who use this version of Joomla are at risk of an exploit and should update immediately. Worse, this component is publicly accessible, meaning that the bug can be exploited by anyone who visits the targeted Joomla site.

Furthermore, there are plenty of ways for such flaws to be exploited by attackers, such as leaking password hashes or hijacking logged-in users’ sessions. The second scenario could lead to a full compromise of the targeted website if an admin session is stolen, Sucuri explains.
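Because the vulnerable component is reachable without authentication, the first thing a site operator can do while scheduling the upgrade is look for probing in the web server access log. The script below is an added example, not code from the article or from Sucuri or the Joomla project. It parses Apache combined-format lines, keeps only requests whose `option` query parameter names the component (Joomla routes requests to components through `option=com_...`), and flags query values containing tokens characteristic of SQL injection attempts. The log lines are constructed for the example; the parameter named `sort` and the payloads in them are made up and do not describe the actual vulnerable code path, which the article does not detail.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample lines in Apache "combined" log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [18/May/2017:10:01:12 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [18/May/2017:10:01:15 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&sort=a.id%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [18/May/2017:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
198.51.100.7 - - [18/May/2017:10:02:09 +0000] "GET /index.php?option=com_fields&view=fields&sort=(select(0)from(select(sleep(5)))v) HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Tokens that rarely occur in legitimate query-string values but are typical of
# SQL injection probing. Matched case-insensitively on the URL-decoded value.
SQLI_TOKENS = re.compile(
    r"(union\s+(all\s+)?select|\bsleep\s*\(|benchmark\s*\(|extractvalue\s*\("
    r"|updatexml\s*\(|information_schema|--\s*$|/\*.*\*/)",
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict with ip, ts, method, target, status, path and params, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl already URL-decodes values; keep blank ones so every key is visible.
    rec["params"] = dict(parse_qsl(parts.query, keep_blank_values=True))
    return rec


def is_suspicious(rec, component="com_fields"):
    """True when the request targets `component` and any parameter looks like SQLi."""
    if rec["params"].get("option") != component:
        return False
    # unquote_plus guards against values that were double-encoded by the client.
    return any(SQLI_TOKENS.search(unquote_plus(v)) for v in rec["params"].values())


def find_sqli_probes(log_text, component="com_fields"):
    """Return (ip, timestamp, target) for every suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec, component):
            hits.append((rec["ip"], rec["ts"], rec["target"]))
    return hits


if __name__ == "__main__":
    for ip, ts, target in find_sqli_probes(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
```

Run against the constructed input it reports the two lines carrying SQL tokens and ignores both the benign com_fields request and the com_content request. The token list is deliberately narrow to keep false positives low on a busy site; a hit is a reason to check whether the site was already on a patched release when the request arrived, not proof of compromise.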

The public-facing com_fields component borrows some views from the administrative-side component of the same name. While this may sound like an odd thing to do, it serves a very practical purpose – it allows the reuse of generic code written for the other side instead of writing it again from scratch.
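The risk in that reuse is that code written with a trusted, logged-in administrator in mind is suddenly fed values from anonymous requests. The example below is added here and is not Joomla's code or Sucuri's analysis; it uses a constructed SQLite schema to contrast a listing function that drops a request-supplied ordering value straight into SQL with one that validates the column against an allow-list. Sort columns cannot be bound as query parameters, which is why a fixed allow-list rather than escaping is the standard defence. The table names, the `ordering` parameter and the hostile value are all invented for the illustration and do not reproduce the real vulnerable code path.

```python
import sqlite3

# Allow-list of columns a caller may sort by. Identifiers cannot be bound as
# query parameters, so checking against a fixed set is the usual hardening.
SORTABLE_COLUMNS = {"id", "title", "state"}


def setup_db():
    """Constructed in-memory schema standing in for a CMS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fields (id INTEGER, title TEXT, state INTEGER)")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO fields VALUES (?, ?, ?)",
                     [(1, "beta", 1), (2, "alpha", 1), (3, "gamma", 0)])
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'constructed-hash')")
    return conn


def list_fields_unsafe(conn, ordering):
    """Vulnerable form: the request value lands in the SQL text unchecked."""
    sql = f"SELECT id, title FROM fields ORDER BY {ordering}"
    return conn.execute(sql).fetchall()


def list_fields_safe(conn, ordering):
    """Hardened form: column and direction are validated before reaching SQL."""
    column, _, direction = ordering.strip().partition(" ")
    direction = direction.strip().upper() or "ASC"
    if column not in SORTABLE_COLUMNS or direction not in ("ASC", "DESC"):
        raise ValueError(f"rejected ordering value: {ordering!r}")
    sql = f"SELECT id, title FROM fields ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


def demo():
    """Run both variants on a benign and on a constructed hostile ordering value."""
    conn = setup_db()
    benign = "title DESC"
    # Constructed hostile value: an expression that reads a table the public
    # listing should never touch. ORDER BY accepts arbitrary expressions.
    hostile = "(SELECT password FROM users LIMIT 1)"
    results = {
        "unsafe_benign": list_fields_unsafe(conn, benign),
        "unsafe_hostile_executed": True,
        "safe_benign": list_fields_safe(conn, benign),
        "safe_hostile_rejected": False,
    }
    try:
        list_fields_unsafe(conn, hostile)  # executes: the caller now controls SQL
    except sqlite3.Error:
        results["unsafe_hostile_executed"] = False
    try:
        list_fields_safe(conn, hostile)
    except ValueError:
        results["safe_hostile_rejected"] = True  # stopped before any SQL ran
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe variant happily evaluates the subquery against the users table, which is exactly the kind of foothold that leads to the leaked password hashes the article mentions; the hardened variant refuses anything outside the allow-list before a query is built, and behaves identically to the unsafe one for legitimate input.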

Joomla Admins Should Upgrade Immediately

Since Joomla is one of the most popular open source CMS (content management system) platforms, this vulnerability should not be underestimated. One reason to pay close attention to this flaw if you are a Joomla admin is that attackers often take advantage of how slowly administrators upgrade. The more time it takes for an admin to react, the better the chance of a successful attack.

“This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site. Update now,” Sucuri advises.

Both Joomla and WordPress sites often fall victim to attacks. In 2016, such sites were used to distribute a unique and cleverly crafted attack.

Related Story: Vulnerable WordPress Plugin Could Cause Serious Attacks

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
