{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/focalpoint-pro/free-1.2.3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2017-20263"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FocalPoint Pro/Free (1.2.3)"],"_cs_severities":["high"],"_cs_tags":["sqli","web-vulnerability","joomla","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":["Focalpointx"],"content_html":"\u003cp\u003eCVE-2017-20263 describes a high-severity (CVSS 8.2) SQL injection vulnerability in the Joomla! component FocalPoint Pro/Free version 1.2.3. An unauthenticated attacker can execute arbitrary SQL queries by manipulating the \u003ccode\u003eid\u003c/code\u003e parameter of a GET request to \u003ccode\u003eindex.php\u003c/code\u003e with \u003ccode\u003eoption=com_focalpoint\u003c/code\u003e and \u003ccode\u003eview=location\u003c/code\u003e; the injected SQL runs against the site's database and its results are returned in the application's response. The vulnerability, first documented in 2026, poses a significant risk to organizations running the affected component: it exposes database contents directly, and any leaked credentials or session material can be used for further compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a Joomla! instance running FocalPoint Pro/Free version 1.2.3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP GET request to \u003ccode\u003eindex.php\u003c/code\u003e on the vulnerable server.\u003c/li\u003e\n\u003cli\u003eThe request carries the parameters \u003ccode\u003eoption=com_focalpoint\u003c/code\u003e and \u003ccode\u003eview=location\u003c/code\u003e, which route it to the vulnerable view.\u003c/li\u003e\n\u003cli\u003eThe attacker places SQL syntax in the \u003ccode\u003eid\u003c/code\u003e parameter (for example \u003ccode\u003eid=1 UNION SELECT USER(), DATABASE()\u003c/code\u003e; in practice the payload is URL-encoded, and a UNION payload must match the column count of the original query).\u003c/li\u003e\n\u003cli\u003eThe FocalPoint component uses the \u003ccode\u003eid\u003c/code\u003e value in its SQL query without adequate validation (such as casting it to an integer) or parameter binding, so the attacker-supplied SQL executes against the backend database.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the injected query and the component renders them in the page, exposing data such as user credentials, schema details, or application records.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the HTTP response to extract the disclosed data, repeating the request with different queries to enumerate further tables and columns.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2017-20263 lets an unauthenticated attacker read data directly from the Joomla! database, including user records, password hashes, session tokens, and configuration values. Disclosed credentials can be cracked or replayed to take over accounts or to reach other systems that share them, and the exposure itself may constitute a compliance violation. Any organization running the vulnerable component is exposed to a data breach and the resulting reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Joomla! FocalPoint Pro/Free component to a release later than 1.2.3 that addresses CVE-2017-20263. If the vendor has not published a fixed release, disable or uninstall the component until one is available.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detects CVE-2017-20263 Exploitation Attempt\u0026quot; to your SIEM to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable web server access logging that records the full request line, including the query string; the detection rule depends on it. Match on the URL-decoded query, since attackers routinely percent-encode spaces, quotes and SQL keywords to evade naive string matches.\u003c/li\u003e\n\u003cli\u003eRun Joomla! with a database account limited to its own schema and to the privileges the site actually needs, so that any SQL injection can read only that data.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-19T16:34:10Z","date_published":"2026-06-19T16:34:10Z","id":"https://feed.craftedsignal.io/briefs/2026-06-joomla-focalpoint-sqli/","summary":"An unauthenticated SQL injection vulnerability (CVE-2017-20263) in Joomla! Component FocalPoint Pro/Free version 1.2.3 allows attackers to execute arbitrary SQL queries via a crafted 'id' parameter in GET requests, leading to sensitive database information disclosure.","title":"Joomla! FocalPoint Pro/Free SQL Injection (CVE-2017-20263)","url":"https://feed.craftedsignal.io/briefs/2026-06-joomla-focalpoint-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - FocalPoint Pro/Free (1.2.3)","version":"https://jsonfeed.org/version/1.1"}
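The detection the recommendations call for, as an added example that is not part of the CraftedSignal brief, the referenced Sigma rule, or the FocalPoint project: a Python script that parses combined-format web access log lines, URL-decodes the query string (including double-encoded payloads), and flags requests to index.php with option=com_focalpoint and view=location whose id parameter is not a plain integer, separating obvious SQL syntax from merely malformed values. The sample log lines are constructed for illustration, and the regex heuristics and decode depth are assumptions of this example rather than anything the brief specifies.

```python
"""Flag CVE-2017-20263 exploitation attempts in web access logs.

Added example; not code from the CraftedSignal brief, the Sigma rule it
names, or the FocalPoint component. Sample log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jun/2026:16:34:10 +0000] "GET /index.php?option=com_focalpoint&view=location&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Jun/2026:16:34:12 +0000] "GET /index.php?option=com_focalpoint&view=location&id=12'%20AND%201=1--%20- HTTP/1.1" 200 5120 "-" "sqlmap/1.8"
203.0.113.7 - - [19/Jun/2026:16:34:15 +0000] "GET /index.php?option=com_focalpoint&view=location&id=1%20UNION%20SELECT%20USER()%2CDATABASE() HTTP/1.1" 200 7311 "-" "sqlmap/1.8"
198.51.100.4 - - [19/Jun/2026:16:35:01 +0000] "GET /index.php?option=com_content&view=article&id=1%20UNION%20SELECT%201 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Jun/2026:16:36:40 +0000] "GET /index.php?option=com_focalpoint&view=location&id=-1%20oR%20sLeEp(5) HTTP/1.1" 500 311 "-" "curl/8.5"
"""

# Fields we need from a combined-format line: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A legitimate FocalPoint location id is a plain (possibly negative) integer.
INT_RE = re.compile(r'^-?\d+$')

# Heuristic SQL metacharacters and keywords, matched case-insensitively on the decoded value.
# These patterns are this example's assumption, not the brief's rule definition.
SQLI_RE = re.compile(
    r"""('|"|--|#|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\b(?:or|and)\b\s*\d)""",
    re.IGNORECASE,
)


def decode_fully(value, rounds=3):
    """Peel up to `rounds` layers of percent-encoding so double-encoded payloads are visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_request(target):
    """Return a finding dict for a FocalPoint location request with an abnormal id, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith('index.php'):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # parse_qs already decodes one layer
    if 'com_focalpoint' not in [v.lower() for v in qs.get('option', [])]:
        return None
    if 'location' not in [v.lower() for v in qs.get('view', [])]:
        return None
    for raw in qs.get('id', []):
        decoded = decode_fully(raw)
        if INT_RE.match(decoded.strip()):
            continue  # ordinary integer id: benign
        if SQLI_RE.search(decoded):
            return {'id_value': decoded, 'reason': 'sqli-pattern'}
        return {'id_value': decoded, 'reason': 'non-integer-id'}
    return None


def scan_log(text):
    """Parse access-log lines and return findings for FocalPoint SQL injection attempts."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = analyze_request(m.group('target'))
        if finding:
            finding.update(ip=m.group('ip'), ts=m.group('ts'), status=int(m.group('status')))
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} reason={f['reason']} id={f['id_value']!r}")
```

The status code is carried into each finding because a 500 alongside an injection pattern often marks a probe that broke the query, while a 200 with a larger-than-usual response body is the signature of a UNION payload that succeeded; both are worth alerting on, but they deserve different triage priority.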