{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/joombooking/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["JB Visa 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","joomla","web-vulnerability","cve"],"_cs_type":"advisory","_cs_vendors":["Joombooking"],"content_html":"\u003cp\u003eCVE-2017-20255 describes an unauthenticated SQL injection vulnerability present in Joomla! Component JB Visa version 1.0. This flaw allows remote attackers to execute arbitrary SQL queries, posing a significant risk to the confidentiality of underlying database contents. Attackers can exploit this by sending specially crafted HTTP GET requests to the vulnerable \u003ccode\u003eindex.php\u003c/code\u003e endpoint, targeting specific parameters like \u003ccode\u003eoption=com_bookpro\u003c/code\u003e and \u003ccode\u003eview=popup\u003c/code\u003e. By injecting malicious SQL code into the \u003ccode\u003evisatype\u003c/code\u003e parameter, adversaries can bypass authentication and directly interact with the database. This enables the exfiltration of sensitive information, such as user credentials and full table contents, from the compromised Joomla! installation, potentially leading to further system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Access (HTTP GET Request):\u003c/strong\u003e An unauthenticated attacker sends an HTTP GET request to the vulnerable Joomla! 
instance running Component JB Visa 1.0.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTargeting Vulnerable Endpoint:\u003c/strong\u003e The GET request specifically targets the \u003ccode\u003e/index.php\u003c/code\u003e path with the URL query parameters \u003ccode\u003eoption=com_bookpro\u003c/code\u003e and \u003ccode\u003eview=popup\u003c/code\u003e to access the vulnerable component.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSQL Payload Injection:\u003c/strong\u003e The attacker injects malicious SQL code into the \u003ccode\u003evisatype\u003c/code\u003e parameter within the URL query string (e.g., \u003ccode\u003evisatype=%27%20OR%201=1--%20\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApplication Processing:\u003c/strong\u003e The Joomla! application, due to CVE-2017-20255, processes the HTTP request and incorporates the malicious \u003ccode\u003evisatype\u003c/code\u003e input directly into an SQL query without proper sanitization.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDatabase Execution:\u003c/strong\u003e The backend database executes the attacker's arbitrary SQL query, including the injected malicious code.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInformation Exfiltration:\u003c/strong\u003e The executed SQL query retrieves sensitive database information, such as user credentials, hashed passwords, or entire table contents, which is then returned in the HTTP response body to the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2017-20255 allows unauthenticated attackers to gain full access to the database underlying the Joomla! instance. This can lead to the complete compromise of sensitive organizational data, including user accounts, personally identifiable information (PII), and application-specific configurations. 
The exfiltration of credentials could facilitate lateral movement within the network or access to other systems. While no specific victim count or targeted sectors are provided, any organization utilizing the vulnerable Joomla! Component JB Visa 1.0 is at risk of severe data breaches and potential regulatory fines.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2017-20255:\u003c/strong\u003e Immediately upgrade Joomla! Component JB Visa to a patched version or disable/remove the component if an upgrade is not available.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeploy Sigma Rules:\u003c/strong\u003e Deploy the provided Sigma rules \u0026quot;Detects CVE-2017-20255 Exploitation - Joomla JB Visa SQL Injection\u0026quot; and \u0026quot;Detect Generic SQL Injection Attempts in GET Requests\u0026quot; to your SIEM and tune them for your environment.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEnable Webserver Logging:\u003c/strong\u003e Ensure comprehensive logging for HTTP requests (especially URL paths, query parameters, and methods) is enabled on your web servers to facilitate detection of the patterns used in the Sigma rules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-19T16:24:01Z","date_published":"2026-06-19T16:24:01Z","id":"https://feed.craftedsignal.io/briefs/2026-06-joomla-jb-visa-sqli/","summary":"An unauthenticated SQL injection vulnerability (CVE-2017-20255) in Joomla! Component JB Visa 1.0 allows attackers to execute arbitrary SQL queries by injecting malicious code via the 'visatype' parameter in GET requests to 'index.php?option=com_bookpro\u0026view=popup', leading to the extraction of sensitive database information including credentials.","title":"Joomla! 
Component JB Visa 1.0 SQL Injection (CVE-2017-20255)","url":"https://feed.craftedsignal.io/briefs/2026-06-joomla-jb-visa-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - Joombooking","version":"https://jsonfeed.org/version/1.1"}