CVE-2018-17254

Severity: CRITICAL · Exploited in the wild · Nuclei template available

JCK Editor 6.4.4 - SQL Injection via jtreelink Parent Parameter

Title source: llm

Exploitation Summary

CVE-2018-17254 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Hamza Megahed, Nicholas Ferreira, Nickguitar. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Joomla Component JCK Editor 6.4.4 via the 'parent' parameter. The payload injects a UNION SELECT statement to retrieve the database version, confirming the vulnerability.

Description

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

Exploits (5)

exploitdb · WORKING POC · VERIFIED
by Hamza Megahed · text · webapps · php
https://www.exploit-db.com/exploits/45423

This exploit demonstrates a SQL injection vulnerability in Joomla Component JCK Editor 6.4.4 via the 'parent' parameter. The payload injects a UNION SELECT statement to retrieve the database version, confirming the vulnerability.

Classification: Working PoC (90%) · Attack type: SQLi · Complexity: Trivial · Reliability: Reliable
Target: Joomla Component JCK Editor 6.4.4 · No auth needed
Prerequisites: Access to the vulnerable Joomla component
Analyzed by devstral-2 on Feb 16, 2026

exploitdb · WORKING POC
by Nicholas Ferreira · php · webapps · php
https://www.exploit-db.com/exploits/49627

This exploit demonstrates a SQL injection vulnerability in Joomla JCK Editor 6.4.4, allowing an attacker to extract database information and potentially achieve remote code execution by writing a malicious PHP file to the server.

Classification: Working PoC (95%) · Attack type: SQLi · Complexity: Moderate · Reliability: Reliable
Target: Joomla JCK Editor 6.4.4 · No auth needed
Prerequisites: Access to the vulnerable Joomla plugin path
Analyzed by devstral-2 on Feb 16, 2026

nomisec · WORKING POC · 10 stars
by Nickguitar · remote
https://github.com/Nickguitar/Joomla-JCK-Editor-6.4.4-SQL-Injection

This is a functional SQL injection exploit for Joomla JCK Editor 6.4.4 (CVE-2018-17254), which includes SQLi payloads and an attempt at RCE via file write. The exploit automates detection, database enumeration, and data dumping.

Classification: Working PoC (95%) · Attack type: SQLi · Complexity: Moderate · Reliability: Reliable
Target: Joomla JCK Editor 6.4.4 · No auth needed
Prerequisites: Access to the vulnerable JCK Editor plugin endpoint
Analyzed by devstral-2 on Feb 16, 2026

nomisec · SCANNER · 1 star
by 7amzahard · poc
https://github.com/7amzahard/script-python-to-detect-CVE-2018-17254

This is a Python-based scanner designed to detect CVE-2018-17254, an SQL injection vulnerability in JCK Editor for Joomla. It sends a basic SQLi payload to the vulnerable endpoint and checks for error signatures in the response.

Classification: Scanner (90%) · Attack type: SQLi · Complexity: Trivial · Reliability: Racy
Target: JCK Editor ≤ 6.4.4 for Joomla · No auth needed
Prerequisites: Target must be running JCK Editor ≤ 6.4.4 · Vulnerable endpoint must be accessible
Analyzed by devstral-2 on Feb 16, 2026

nomisec · WORKING POC
by MataKucing-OFC · remote
https://github.com/MataKucing-OFC/CVE-2018-17254

This is a functional exploit PoC for CVE-2018-17254, targeting a SQL injection vulnerability in Joomla JCK Editor 6.4.4. It includes SQLi exploitation, database enumeration, and an attempt at RCE via file write.

Classification: Working PoC (95%) · Attack type: SQLi · Complexity: Moderate · Reliability: Reliable
Target: Joomla JCK Editor 6.4.4 · No auth needed
Prerequisites: Access to the vulnerable Joomla plugin path
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Joomla! JCK Editor SQL Injection
Severity: CRITICAL · by Suman_Kar

References (2)

Core references (2)
Exploit, Third Party Advisory, VDB Entry (x_refsource_exploit-db): https://www.exploit-db.com/exploits/45423/
Exploit, Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html

Scores

CVSS v3: 9.8
EPSS: 0.8298
EPSS Percentile: 99.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2025-09-14
CWE: CWE-89
Status: published
Products (1): arkextensions/jck_editor 6.4.4
Published: Sep 20, 2018
Tracked Since: Feb 18, 2026