.. / CVE-2018-17254

Exploit for Joomla! JCK Editor SQL Injection (CVE-2018-17254)

Description:

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

Nuclei Template

View the template here CVE-2018-17254.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-17254.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-17254
https://github.com/ARPSyndicate/cvemon
http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
https://github.com/Nickguitar/Joomla-JCK-Editor-6.4.4-SQL-Injection
https://www.exploit-db.com/exploits/45423/
https://github.com/ARPSyndicate/kenzer-templates