SQL Injection Vulnerability com_fields in Joomla 3.7

The vulnerability is caused by a new component, com_fields, which was introduced in Joomla version 3.7. If you use this version, you are affected and should update as soon as possible. The vulnerable component is publicly accessible, which means this issue can be exploited by any malicious individual visiting your site.

Given the nature of SQL Injection attacks, there are many ways an attacker could cause harm – examples include leaking password hashes and hijacking a logged-in user’s session (the latter results in a full site compromise if an administrator session is stolen).

Technical Details

We have seen a few attacks on this vulnerability at the moment, all of them using the GET request method against this URL:

/index.php?option=com_fields&view=fields&layout=modal

The attacker uses the list.fullordering parameter (list[fullordering] in the query string) to deliver the SQL injection to the website:

/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=(SQL INJECTION)
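As an added, defender-side example that is not part of the original post: a small Python scanner that walks Apache access-log lines, picks out requests to com_fields, and flags any list[fullordering] value that is not a plain "column ASC|DESC" ordering. The log lines, client IPs and the allowlist pattern are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not real traffic.
# The second line carries the same placeholder the advisory uses, URL-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [18/May/2017:10:01:02 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=a.ordering%20ASC HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/May/2017:10:01:07 +0000] "GET /index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=%28SQL%20INJECTION%29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/May/2017:10:01:09 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)

# Assumed allowlist: a legitimate ordering is "<column> ASC" or "<column> DESC".
# Anything with quotes, parentheses, commas or extra keywords does not match.
SAFE_ORDERING = re.compile(r'^[A-Za-z_][A-Za-z0-9_.]* (ASC|DESC)$', re.IGNORECASE)


def check_request(path):
    """Return the offending list[fullordering] value, or None if the request looks fine."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    if query.get('option') != ['com_fields']:
        return None
    # parse_qs already percent-decodes keys, so list%5Bfullordering%5D becomes list[fullordering].
    for value in query.get('list[fullordering]', []):
        if not SAFE_ORDERING.match(value):
            return value
    return None


def scan_log(text):
    """Scan access-log text and return one record per suspicious com_fields request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        bad = check_request(m.group('path'))
        if bad is not None:
            hits.append({'ip': m.group('ip'), 'time': m.group('ts'), 'value': bad})
    return hits


if __name__ == '__main__':
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['time']} {h['ip']} suspicious list[fullordering]={h['value']!r}")
```

The same check belongs on POST bodies too, since PHP reads list[fullordering] from either source; the log-based version above only sees the query string.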

More details are available in the Sucuri Blog.

Final words

If you have not already, update as soon as possible!

Websites that use the Malware Expert – ModSecurity rules are protected against this attack.