Joombooking - CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/joombooking/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 19 Jun 2026 16:24:01 +0000Joomla! Component JB Visa 1.0 SQL Injection (CVE-2017-20255)https://feed.craftedsignal.io/briefs/2026-06-joomla-jb-visa-sqli/Fri, 19 Jun 2026 16:24:01 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-joomla-jb-visa-sqli/An unauthenticated SQL injection vulnerability (CVE-2017-20255) in Joomla! Component JB Visa 1.0 allows attackers to execute arbitrary SQL queries by injecting malicious code via the 'visatype' parameter in GET requests to 'index.php?option=com_bookpro&view=popup', leading to the extraction of sensitive database information including credentials.CVE-2017-20255 describes an unauthenticated SQL injection vulnerability present in Joomla! Component JB Visa version 1.0. This flaw allows remote attackers to execute arbitrary SQL queries, posing a significant risk to the confidentiality of underlying database contents. Attackers can exploit this by sending specially crafted HTTP GET requests to the vulnerable index.php endpoint, targeting specific parameters like option=com_bookpro and view=popup. By injecting malicious SQL code into the visatype parameter, adversaries can bypass authentication and directly interact with the database. This enables the exfiltration of sensitive information, such as user credentials and full table contents, from the compromised Joomla! installation, potentially leading to further system compromise.

Attack Chain

  1. Initial Access (HTTP GET Request): An unauthenticated attacker sends an HTTP GET request to the vulnerable Joomla! instance running Component JB Visa 1.0.
  2. Targeting Vulnerable Endpoint: The GET request specifically targets the /index.php path with the URL query parameters option=com_bookpro and view=popup to access the vulnerable component.
  3. SQL Payload Injection: The attacker injects malicious SQL code into the visatype parameter within the URL query string (e.g., visatype=%27%20OR%201=1--%20).
  4. Application Processing: The Joomla! application, due to CVE-2017-20255, processes the HTTP request and incorporates the malicious visatype input directly into an SQL query without proper sanitization.
  5. Database Execution: The backend database executes the attacker's arbitrary SQL query, including the injected malicious code.
  6. Information Exfiltration: The executed SQL query retrieves sensitive database information, such as user credentials, hashed passwords, or entire table contents, which is then returned in the HTTP response body to the attacker.

Impact

Successful exploitation of CVE-2017-20255 allows unauthenticated attackers to gain full access to the database underlying the Joomla! instance. This can lead to the complete compromise of sensitive organizational data, including user accounts, personal identifiable information (PII), and application-specific configurations. The exfiltration of credentials could facilitate lateral movement within the network or access to other systems. While no specific victim count or targeted sectors are provided, any organization utilizing the vulnerable Joomla! Component JB Visa 1.0 is at risk of severe data breaches and potential regulatory fines.

Recommendation

  • Patch CVE-2017-20255: Immediately upgrade Joomla! Component JB Visa to a patched version or disable/remove the component if an upgrade is not available.
  • Deploy Sigma Rules: Deploy the provided Sigma rules "Detects CVE-2017-20255 Exploitation - Joomla JB Visa SQL Injection" and "Detect Generic SQL Injection Attempts in GET Requests" to your SIEM and tune them for your environment.
  • Enable Webserver Logging: Ensure comprehensive logging for HTTP requests (especially URL paths, query parameters, and methods) is enabled on your web servers to facilitate detection of the patterns used in the Sigma rules.
]]>highadvisorysql-injectionjoomlaweb-vulnerabilitycve