Threat Feed
Severity: high

CVE-2017-20253: Joomla! Component My Projects 2.0 SQL Injection Vulnerability

An unauthenticated SQL injection vulnerability (CVE-2017-20253) in Joomla! Component My Projects 2.0 allows attackers to execute arbitrary SQL queries via the 'VerAyari' parameter, leading to the extraction of sensitive database information including credentials and system data.

CVE-2017-20253 describes a critical SQL injection vulnerability in Joomla! Component My Projects version 2.0. The flaw lets unauthenticated attackers execute arbitrary SQL queries against the backend database by injecting SQL into the VerAyari parameter of a crafted HTTP request. The vulnerability, first published to NVD in June 2026, allows extraction of sensitive database contents, including user credentials, configuration data, and other critical system information. Successful exploitation could lead to unauthorized access to the web application's backend, potential privilege escalation, and, through the exfiltrated data, further compromise of the underlying server infrastructure.

Attack Chain

  1. An unauthenticated attacker identifies a public-facing Joomla! instance running the My Projects 2.0 component.
  2. The attacker crafts a specially crafted HTTP GET request targeting a vulnerable endpoint of the My Projects component.
  3. Malicious SQL injection payloads are embedded within the VerAyari parameter in the URL query string of the HTTP request.
  4. The Joomla! Component My Projects 2.0 processes the request without adequately sanitizing the input provided via the VerAyari parameter.
  5. The injected SQL code is executed as part of the legitimate database query, bypassing the application's intended logic.
  6. The backend database responds by including sensitive information (e.g., schema details, user hashes, credentials) within the HTTP response, often through error messages or manipulated query results.
  7. The attacker parses the HTTP response to extract the exfiltrated sensitive data, such as administrator credentials or customer information.
  8. The extracted data is then used for further unauthorized access, account takeover, or data exfiltration, achieving the attacker's objective.

Impact

Successful exploitation of CVE-2017-20253 grants unauthenticated attackers the ability to dump the entire database contents, including sensitive information such as administrator credentials, user data, and system configurations. This can lead to full compromise of the Joomla! application, unauthorized access to user accounts, and potentially the underlying server if extracted credentials are reused or provide sufficient privileges. The high CVSS score of 8.2 reflects the severe confidentiality impact and the unauthenticated nature of the attack, posing a significant risk of data breaches and system compromise for organizations utilizing the vulnerable component.

Recommendation

  • Deploy a Web Application Firewall (WAF) with updated rulesets to detect and block SQL injection attempts, specifically monitoring HTTP GET requests targeting the Joomla! Component My Projects and the VerAyari parameter as described in CVE-2017-20253.
  • Monitor web server access logs for anomalous HTTP requests containing SQL injection payloads, particularly in query parameters, as indicated by the detection rules below.
  • Deploy the provided Sigma rules in your SIEM solution to detect exploitation attempts against CVE-2017-20253 in web server logs.
  • If the Joomla! Component My Projects 2.0 is in use, verify whether a patch or update that addresses CVE-2017-20253 is available from the vendor (Gegabyte or the Joomla! extensions directory). If no patch exists, consider disabling or removing the component.

Detection coverage (2 rules)

Detects CVE-2017-20253 Exploitation - Joomla! My Projects SQLi

Severity: high

Detects exploitation attempts of CVE-2017-20253, an SQL injection vulnerability in Joomla! Component My Projects 2.0, by looking for SQLi payloads in the 'VerAyari' parameter of HTTP GET requests.

Type: sigma | Tactics: impact, initial_access | Techniques: T1190, T1552.004 | Sources: webserver

Generic Web Server SQL Injection Attempt Detection

Severity: medium

Detects common patterns associated with SQL injection attempts in HTTP GET/POST requests across web server logs, indicating potential database compromise attempts.

Type: sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver
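The two rules above describe what the detection looks for (an SQLi payload in the VerAyari parameter of a GET request, and generic SQLi patterns in query strings) but the platform's queries are not reproduced here. The following is an added example, not the platform's rule, that applies the same logic to constructed Combined Log Format access-log lines; the Joomla! component's URL path is not given in this advisory, so "com_example" is a placeholder.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (Combined Log Format). The real
# component path is not stated in the advisory; "com_example" is a placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /index.php?option=com_example&VerAyari=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2024:12:00:02 +0000] "GET /index.php?option=com_example&VerAyari=42%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /index.php?option=com_example&VerAyari=7%20AND%201=1 HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.9 - - [10/Jun/2024:12:00:04 +0000] "POST /index.php?option=com_users HTTP/1.1" 303 0 "-" "Mozilla/5.0"
"""

# Minimal CLF parser: client IP, timestamp, method, request URI and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Tokens that rarely occur in a legitimate ID value but are typical of SQLi
# probes: quote, comment markers, UNION/SELECT, timing functions, and
# boolean tautologies such as "AND 1=1".
SQLI_RE = re.compile(
    r"""('|--|/\*|\bunion\b|\bselect\b|\bsleep\b|\bbenchmark\b|\b(?:and|or)\b\s+[\w'"]+\s*=)""",
    re.IGNORECASE,
)


def is_sqli(value: str) -> bool:
    """True if the parameter value looks like an SQL injection probe.
    The value is URL-decoded once more so double-encoded payloads are seen."""
    return SQLI_RE.search(unquote_plus(value)) is not None


def scan_line(line: str):
    """Return a finding dict for a GET whose VerAyari value looks like SQLi, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    query = parse_qs(urlsplit(m["uri"]).query, keep_blank_values=True)
    for value in query.get("VerAyari", []):  # parameter named in CVE-2017-20253
        if is_sqli(value):
            return {"src_ip": m["ip"], "ts": m["ts"], "value": unquote_plus(value),
                    "status": int(m["status"])}
    return None


def scan_log(text: str) -> list:
    """Scan a whole log and return every finding, in file order."""
    return [hit for hit in (scan_line(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src_ip']} VerAyari={hit['value']!r} status={hit['status']}")
```

The same `is_sqli` check can be applied to every query parameter to approximate the generic rule; keying on a single parameter keeps false positives low for the CVE-specific rule.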

Detection queries are available on the platform.