CVE-2017-20275
Received - Intake
SQL Injection in Joomla PHP-Bridge Component

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: joomla
Product: component_php-bridge
Version / Range: 1.2.3
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Compliance Impact

The SQL injection vulnerability in Joomla! Component PHP-Bridge 1.2.3 allows unauthenticated attackers to extract sensitive database information, including table and column names. This exposure of sensitive data could lead to unauthorized access to personal or protected information, potentially violating data protection regulations such as GDPR or HIPAA.

By enabling attackers to execute arbitrary SQL queries and extract database contents, the vulnerability increases the risk of data breaches, which are subject to strict compliance requirements under these standards.

Executive Summary

Joomla! Component PHP-Bridge version 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.

Attackers can send specially crafted GET requests to index.php with parameters option=com_phpbridge and view=phpview, manipulating the 'id' parameter to extract sensitive database information such as table and column names.

This vulnerability is due to improper neutralization of special elements in SQL commands, classified under CWE-89.

Impact Analysis

This vulnerability can allow attackers to execute arbitrary SQL queries on the affected Joomla! component without authentication.

As a result, attackers can extract sensitive database information including table and column names, potentially leading to data leakage.

Such unauthorized access to database contents can compromise the confidentiality and integrity of your data.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious GET requests targeting the vulnerable Joomla! component, specifically requests to index.php with parameters option=com_phpbridge and view=phpview, where the id parameter contains potentially malicious SQL code.

A practical detection method is to look for HTTP requests matching the pattern: /index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=[SQL injection payload].

You can use network monitoring tools or web server logs to search for such requests.

  • Use grep or similar tools on web server logs to find suspicious requests, for example:
    grep "option=com_phpbridge&view=phpview" /var/log/apache2/access.log | grep "id="
  • Use curl or wget to test the vulnerability by sending crafted GET requests with SQL injection payloads in the id parameter, for example:
    curl "http://target-site/index.php?option=com_phpbridge&view=phpview&run=fahrzeuge&mode=detail&id=1' UNION SELECT NULL--"
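The log search described above, as an added example that is not part of the original advisory: a Python filter that URL-decodes the query string, ignores parameter order, and flags PHP-Bridge phpview requests whose id is not a plain integer. The integer-only rule for id, the function name and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a common/combined log entry; the target may contain raw spaces.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>[^"]+?) HTTP/[\d.]+"')
PLAIN_ID_RE = re.compile(r"[0-9]+")  # assumption: a legitimate id is a plain integer


def suspicious_phpbridge_requests(log_lines):
    """Return (client, decoded_id) pairs for phpview requests with a non-integer id."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs URL-decodes values and does not depend on parameter order,
        # unlike a literal grep for "option=com_phpbridge&view=phpview".
        params = parse_qs(urlsplit(match.group("target")).query)
        if "com_phpbridge" not in params.get("option", []):
            continue
        if "phpview" not in params.get("view", []):
            continue
        client = line.split(" ", 1)[0]
        for value in params.get("id", []):
            if not PLAIN_ID_RE.fullmatch(value):
                hits.append((client, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2026:10:00:01 +0000] "GET /index.php?option=com_phpbridge'
    '&view=phpview&run=fahrzeuge&mode=detail&id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Jun/2026:10:00:05 +0000] "GET /index.php?option=com_phpbridge'
    '&view=phpview&run=fahrzeuge&mode=detail&id=1%27%20UNION%20SELECT%20NULL-- HTTP/1.1"'
    ' 200 812 "-" "curl/8.5.0"',
    # Reordered parameters: missed by the literal grep pattern.
    '198.51.100.8 - - [19/Jun/2026:10:00:09 +0000] "GET /index.php?id=1%27+UNION+SELECT'
    '+NULL--&view=phpview&option=com_phpbridge HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '192.0.2.11 - - [19/Jun/2026:10:00:12 +0000] "GET /index.php?option=com_content'
    '&view=article&id=7 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, value in suspicious_phpbridge_requests(SAMPLE_LOG):
        print(f"{client}\tid={value!r}")
```

To run it against a real log, pass an open file object (for example the Apache access log named above) in place of SAMPLE_LOG.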
Mitigation Strategies

Immediate mitigation steps include restricting or blocking access to the vulnerable component by disabling or removing the PHP-Bridge component version 1.2.3 from your Joomla! installation.

If removal is not immediately possible, implement web application firewall (WAF) rules to block requests containing suspicious SQL injection patterns in the id parameter targeting option=com_phpbridge&view=phpview.

Additionally, monitor logs for exploitation attempts and apply any available patches or updates from the component developer or Joomla! extensions directory.
