CVE-2018-7314
published 2018-02-22

CVE-2018-7314: SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

Priority: P183
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 59.55% (99.0th percentile)

Affected

1 range
Vendor: mlwebtechnologies
Product: prayercenter
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

url: /index.php?option=com_prayercenter&task=confirm&id=1&sessionid=1' AND EXTRACTVALUE(22,CONCAT(0x7e,md5({{num}})))-- X
url: /index.php?option=com_prayercenter&task=confirm&id=1&sessionid=[SQL]
command: 1' AND EXTRACTVALUE(22,CONCAT(0x5c,(SELECT GROUP_CONCAT(table_name SEPARATOR 0x3c62723e) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=DATABASE()),(SELECT (ELT(1=1,1))),database()))-- VerAyari
  • Detect exploitation attempts by monitoring GET requests to index.php containing the 'com_prayercenter' component option combined with the 'sessionid' parameter carrying SQL injection payloads (e.g., EXTRACTVALUE, CONCAT, single-quote).
  • The nuclei template matches exploitation success by detecting the MD5 hash output of a random integer in the HTTP response body, confirming error-based SQL injection via EXTRACTVALUE.
  • The attack uses the URL parameter pattern: option=com_prayercenter&task=confirm&id=1&sessionid= with SQL injection appended; alert on this query string combination in web server logs or WAF rules.
  • The nuclei template uses a randomized integer (rand_int 800000000–1000000000) and its MD5 as the match condition, meaning detection is probabilistic per request; static signatures must account for the variable payload.
  • This is a distinct vulnerability from CVE-2008-6429, which also affected PrayerCenter via the sessionid parameter; ensure detection rules differentiate between the two CVEs if both are in scope.
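The detection bullets above describe a query-string signature (option=com_prayercenter together with a sessionid value carrying EXTRACTVALUE, CONCAT or a single quote). The following is an added example of that check applied to web server access-log lines; it is not code from this page's sources or from the Nuclei template, and the log lines, IP addresses and timestamps are constructed for the example. It parses the request target properly rather than substring-matching the raw line, so URL-encoded payloads are decoded before the markers are checked.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 2 carries the page's EXTRACTVALUE payload in the sessionid parameter, URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Feb/2018:10:00:01 +0000] "GET /index.php?option=com_prayercenter&task=confirm&id=1&sessionid=abc123 HTTP/1.1" 200 512
203.0.113.9 - - [22/Feb/2018:10:00:02 +0000] "GET /index.php?option=com_prayercenter&task=confirm&id=1&sessionid=1'%20AND%20EXTRACTVALUE(22,CONCAT(0x7e,md5(912345678)))--%20X HTTP/1.1" 200 1024
203.0.113.9 - - [22/Feb/2018:10:00:03 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 2048
"""

# Pulls method and request target out of the quoted request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Injection markers named in the detection notes: EXTRACTVALUE, CONCAT, single quote.
SQLI_MARKERS = re.compile(r"(extractvalue|concat|')", re.IGNORECASE)


def is_prayercenter_sqli(request_target: str) -> bool:
    """True if the request target matches the com_prayercenter/sessionid injection pattern."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("index.php"):
        return False
    # parse_qs percent-decodes values, so %27 becomes a literal quote before matching.
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("option", [""])[0].lower() != "com_prayercenter":
        return False
    if "sessionid" not in qs:
        return False
    return any(SQLI_MARKERS.search(value) for value in qs["sessionid"])


def scan_log(text: str):
    """Return (line_number, client_ip, request_target) for each matching log line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if m and is_prayercenter_sqli(m.group("target")):
            hits.append((lineno, line.split()[0], m.group("target")))
    return hits


if __name__ == "__main__":
    for lineno, client, target in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} -> {target}")
```

Only the second sample line is reported: a legitimate sessionid value and a request to a different component both pass. As the notes say, the Nuclei template confirms success by finding an MD5 hash in the response body, which an access log does not record; this request-side check flags attempts, not confirmed exploitation, and the two checks are best used together (for instance, request match plus an unusually large response size).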

CVSS provenance

nvd (v3.0): 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd (v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 9.8 CRITICAL
vulncheck: 7.5 HIGH