CVE-2018-6004
published 2018-02-17CVE-2018-6004: SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.70%
84.1th percentile
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| techsolsystem | file_download_tracker | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commanddynfield[phone]=%251%2527%2520AND%2520(SELECT%204323%20FROM(SELECT%20COUNT(*),CONCAT(version(),(SELECT%20(ELT(4323=4323,1))),database(),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%2527%2525%2527%3D%2527↗
commandsess=1' and(select 1 FROM(select count(*),concat((select (select concat(database(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)-- -↗
- →Monitor HTTP requests to Joomla index.php containing 'option=com_dtracker&task=save' with a 'dynfield[phone]' parameter containing SQL metacharacters (quotes, AND, SELECT keywords). ↗
- →Monitor HTTP requests to Joomla index.php containing 'option=com_dtracker&layout=download' with a 'sess' parameter containing SQL metacharacters (quotes, AND, SELECT keywords). ↗
- →The SQL injection payloads target INFORMATION_SCHEMA.PLUGINS and information_schema.tables to enumerate database version and schema — alert on these strings appearing in query parameters. ↗
- ·Affected version is specifically File Download Tracker 3.0 for Joomla!; detections scoped to 'com_dtracker' component parameter are version-specific and may not apply to patched or differently-named forks. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-02-17
Published