HTTP: MySQL Table Name in URL Variable

This signature detects MySQL table names being sent in HTTP URL variables. Such activity could be an SQL Command Injection attempt. It could also detect non-malicious references to MySQL table names, such as in a blog posting, or for websites that use SQL commands in their URL's as a part of that website's normal functionality (not recommended).

Extended Description

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

Affected Products

Joomla joomla!

Short Name
HTTP:SQL:INJ:MYSQL-TABLE-NAME
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2017-8917 MySQL Name Table URL Variable in
Release Date
07/11/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Joomla

CVSS Score

7.5

Found a potential security threat?