{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2020-37218/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2020-37218"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["com_hdwplayer 4.2"],"_cs_severities":["high"],"_cs_tags":["sql-injection","joomla","cve-2020-37218","web-application"],"_cs_type":"advisory","_cs_vendors":["Joomla"],"content_html":"\u003cp\u003eJoomla com_hdwplayer 4.2 is vulnerable to SQL injection in the search.php file. Unauthenticated attackers can exploit this vulnerability by injecting malicious SQL code into the \u003ccode\u003ehdwplayersearch\u003c/code\u003e parameter of a POST request. This allows them to execute arbitrary SQL queries against the Joomla database. Successful exploitation can lead to the extraction of sensitive information from the \u003ccode\u003ehdwplayer_videos\u003c/code\u003e table, potentially compromising user data and application integrity. The vulnerability was reported in CVE-2020-37218.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Joomla site using com_hdwplayer version 4.2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload, designed to extract data from the \u003ccode\u003ehdwplayer_videos\u003c/code\u003e table.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request to \u003ccode\u003esearch.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the crafted SQL payload within the \u003ccode\u003ehdwplayersearch\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the \u003ccode\u003ehdwplayersearch\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application executes the attacker-controlled SQL query against the database.\u003c/li\u003e\n\u003cli\u003eThe database returns sensitive information from the \u003ccode\u003ehdwplayer_videos\u003c/code\u003e table.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the extracted data, such as usernames, passwords, or video metadata.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2020-37218) allows unauthenticated attackers to execute arbitrary SQL queries, potentially leading to the theft of sensitive information, such as usernames, passwords, and video metadata, from the Joomla database. The vulnerability exists in Joomla com_hdwplayer 4.2. While the precise number of affected installations is unknown, any Joomla site using this extension is potentially at risk. This could lead to data breaches, reputational damage, and legal liabilities for the affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for POST requests to \u003ccode\u003esearch.php\u003c/code\u003e with suspicious SQL syntax in the \u003ccode\u003ehdwplayersearch\u003c/code\u003e parameter to detect exploitation attempts (see Sigma rule \u003ccode\u003eDetect Joomla com_hdwplayer SQL Injection Attempt\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for com_hdwplayer to remediate the SQL injection vulnerability described in CVE-2020-37218.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003ehdwplayersearch\u003c/code\u003e parameter to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Joomla com_hdwplayer SQL Injection Successful\u003c/code\u003e to identify successful exploitation by monitoring for database errors.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:18:27Z","date_published":"2026-05-13T16:18:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-joomla-sqli/","summary":"Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter.","title":"Joomla com_hdwplayer 4.2 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-joomla-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2020-37218","version":"https://jsonfeed.org/version/1.1"}