CVE-2017-20277

Received Received - Intake

Blind SQL Injection in JoomRecipe Component

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-19

Last Modified

2026-06-19

Generated

2026-06-19

AI Q&A

2026-06-19

EPSS Evaluated

N/A

NVD

CVE-2017-20277

EUVD

EUVD-2017-19004

Affected Vendors & Products

Vendor	Product	Version / Range
joomla	joomrecipe	1.0.4
joomboost	joomrecipe	to 6.9.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

The Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the 'search_author' parameter on the search results page.

Attackers can exploit this flaw by sending malicious SQL code via POST requests to the search endpoint, allowing them to manipulate database queries.

This vulnerability uses boolean-based blind SQL injection techniques to extract sensitive database information without direct visibility of the data.

Compliance Impact

The vulnerability in Joomla JoomRecipe 1.0.4 allows attackers to perform blind SQL injection attacks, potentially extracting sensitive database information without authorization.

Such unauthorized access to sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Therefore, if exploited, this vulnerability could compromise the confidentiality and integrity of data, impacting compliance with these common standards and regulations.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive database information by allowing attackers to extract data through SQL injection.

Attackers may manipulate database queries, potentially leading to unauthorized data access, modification, or deletion.

Because the vulnerability is exploitable remotely without authentication, it poses a significant risk to the confidentiality and integrity of the affected system's data.

Detection Guidance

This vulnerability can be detected by testing the 'search_author' parameter on the JoomRecipe 1.0.4 search results page for blind SQL injection flaws. One common method is to use automated tools like sqlmap to send crafted POST requests to the search endpoint and analyze the responses for boolean-based blind SQL injection behavior.

Use sqlmap with a POST request targeting the 'search_author' parameter to detect SQL injection, for example: sqlmap -u "http://targetsite.com/index.php?option=com_joomrecipe&view=search" --data="search_author=somevalue" --risk=3 --level=5
Manually test by sending POST requests with payloads that cause boolean-based blind SQL injection, such as appending ' AND 1=1' and ' AND 1=2' to the 'search_author' parameter and observing differences in the response.

Mitigation Strategies

The immediate mitigation step is to update the JoomRecipe component to the latest version where this vulnerability has been fixed. Versions prior to 6.9.0 are affected, so upgrading to 6.9.0 or later will address the issue.

If an immediate update is not possible, restrict access to the vulnerable search endpoint or implement web application firewall (WAF) rules to block malicious POST requests targeting the 'search_author' parameter.

Hi! I’m here to help you understand CVE-2017-20277. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2017-20277

Blind SQL Injection in JoomRecipe Component

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart