CVE-2017-20277

HIGH

Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20277. PoCs published by Teng.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in the Joomla JoomRecipe 1.0.4 component via the 'search_author' POST parameter. It includes a sqlmap command to exploit the vulnerability, confirming its functionality.

Description

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

Exploits (1)

exploitdb WORKING POC

by Teng · textwebappsphp

https://www.exploit-db.com/exploits/42347

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in the Joomla JoomRecipe 1.0.4 component via the 'search_author' POST parameter. It includes a sqlmap command to exploit the vulnerability, confirming its functionality.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Joomla JoomRecipe 1.0.4

No auth needed

Prerequisites: Access to the search page of the JoomRecipe component · sqlmap tool

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-42347

https://www.exploit-db.com/exploits/42347

Product product

Official Product Homepage

http://joomboost.com/

Product product

Product Reference

https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

https://www.vulncheck.com/advisories/joomla-joomrecipe-component-blind-sql-injection-via-search-author

Scores

CVSS v3 8.2

EPSS 0.0025

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CWE

CWE-89

Status published

Products (1)

Joomboost/Joomla JoomRecipe 1.0.4

Published Jun 19, 2026

Tracked Since Jun 19, 2026