CVE-2017-20255 Joombooking CVE debrief

Who should care

Defenders responsible for Joomla! installations, particularly those using Component JB Visa 1.0, should prioritize patching or mitigating this vulnerability. The high CVSS score of 8.8 indicates that this vulnerability poses significant risk. Security teams and administrators should review and address this vulnerability promptly to limit exposure.

Technical summary

CVE-2017-20255 is a SQL injection vulnerability in Joomla! Component JB Visa 1.0. The vulnerability exists in the visatype parameter of GET requests to index.php with option=com_bookpro and view=popup parameters. Attackers can inject malicious SQL code to extract sensitive database information, including credentials and table contents. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High priority due to CVSS score of 8.8 and potential for unauthenticated arbitrary SQL query execution.

Recommended defensive actions

• Inventory Joomla! installations for Component JB Visa 1.0
• Review official advisories for patching or mitigation guidance
• Apply vendor-supported remediation or patches
• Review compensating controls to limit exposure
• Monitor for suspicious activity related to this vulnerability

Evidence notes

Primary evidence for this vulnerability comes from the NVD and CVE.org records. The vulnerability affects Joomla! Component JB Visa 1.0, but specific details on affected product versions are limited. Defenders should verify the presence of this component in their Joomla! installations and review official sources for patching or mitigation guidance.

Official resources