CVE-2018-7178
Published 2018-02-17

CVE-2018-7178: SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

Priority: P266 · Severity: critical · CVSS 3.0 base score: 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available (proof-of-concept request listed under Detection & IOCs)
EPSS: 3.95% (89.1th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saxum2003 | saxum_picker | — | — |
Detection & IOCs (extracted from sources)

Command (proof-of-concept request quoted from the source): `index.php?option=com_saxumpicker&view=savedspread&publicid=1' AND EXTRACTVALUE(66,CONCAT(0x5c,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT (ELT(66=66,1)))))-- -`

- Detect SQL injection attempts against the Saxum Picker Joomla component by monitoring HTTP requests containing the query parameters `option=com_saxumpicker` and `view=savedspread` with a suspicious `publicid` value (e.g., containing quotes, SQL keywords, or EXTRACTVALUE/CONCAT payloads).
- The exploit uses error-based SQL injection via MySQL's EXTRACTVALUE() function with CONCAT(0x5c,...) to exfiltrate USER(), DATABASE(), and VERSION() in the XPATH error message. Alert on XPATH syntax error responses (MySQL error 1105) combined with the com_saxumpicker component.
- The vulnerable parameter is `publicid` in the Joomla component `com_saxumpicker`. Input validation or WAF rules should flag any non-integer or SQL-containing value in this parameter.
- The proof-of-concept URL uses `localhost` as the host; in real-world attacks the host will vary. Detection rules should focus on the query string parameters (`option=com_saxumpicker`, `view=savedspread`, `publicid=`) rather than the hostname.
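The detection guidance above can be turned into a simple access-log scanner. The following is an added example, not code from the CVE source or from the Saxum Picker project: it parses combined-format web server log lines (the sample lines are constructed, with made-up IPs and timestamps), keeps only requests for `option=com_saxumpicker` and `view=savedspread`, and flags any `publicid` value that is not a plain integer, distinguishing values that carry SQL tokens (quotes, comment markers, `OR`/`AND`/`UNION`, `EXTRACTVALUE`, `CONCAT`) from merely malformed ones. Requests answered with a 5xx status are marked higher severity, since error-based injection typically surfaces as a database error; that weighting is a heuristic chosen for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format). Hosts, IPs and
# timestamps are invented for this example; line 2 reuses the payload shape
# documented in the CVE record, line 4 is a generic boolean-style probe.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Feb/2018:10:01:02 +0000] "GET /index.php?option=com_saxumpicker&view=savedspread&publicid=42 HTTP/1.1" 200 1834
203.0.113.9 - - [17/Feb/2018:10:01:07 +0000] "GET /index.php?option=com_saxumpicker&view=savedspread&publicid=1%27%20AND%20EXTRACTVALUE(66,CONCAT(0x5c,VERSION()))--%20- HTTP/1.1" 500 612
203.0.113.9 - - [17/Feb/2018:10:01:09 +0000] "GET /index.php?option=com_content&view=article&id=1%27 HTTP/1.1" 200 9001
203.0.113.11 - - [17/Feb/2018:10:01:12 +0000] "GET /index.php?option=com_saxumpicker&view=savedspread&publicid=7%20OR%201=1 HTTP/1.1" 200 1834
"""

# Pulls method, request target and status code out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Tokens that never belong in an integer record id.
SQL_TOKEN_RE = re.compile(
    r"(?i)('|\"|--|/\*|\bor\b|\band\b|\bunion\b|\bselect\b|extractvalue|updatexml|concat|sleep\()"
)


def classify_publicid(value):
    """Return None for a benign integer id, else a short reason string."""
    if value.isdigit():
        return None
    if SQL_TOKEN_RE.search(value):
        return "sql-token"
    return "non-integer"


def scan_log(text):
    """Scan log text and return a list of findings for suspicious com_saxumpicker requests."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes values, so '%27' becomes a literal quote here.
        qs = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if qs.get("option", [""])[0] != "com_saxumpicker":
            continue
        if qs.get("view", [""])[0] != "savedspread":
            continue
        status = int(m.group("status"))
        for raw in qs.get("publicid", []):
            reason = classify_publicid(raw)
            if reason is None:
                continue
            findings.append({
                "line": lineno,
                "source_ip": line.split(" ", 1)[0],
                "status": status,
                "publicid": raw,
                "reason": reason,
                # Heuristic: a server error after an injection-shaped value is the
                # pattern error-based SQLi produces, so rank it above a 200.
                "severity": "high" if status >= 500 else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

The same `scan_log` function can be pointed at a real log file by reading it into `text`; matching on the decoded query parameters rather than the raw URL means percent-encoded payloads are caught, and ignoring the hostname follows the guidance above that only the query string is a stable indicator.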
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.