CVE-2017-20275: Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.
Security readout for executives and security teams
Plain-English summary
CVE-2017-20275 affects the Joomla PHP-Bridge component version 1.2.3. An unauthenticated attacker may be able to query the site database through an unsafe id parameter, risking exposure of database structure and sensitive data. This is not described as a Joomla core flaw.
Executive priority
Prioritize within the current remediation cycle for any public Joomla site using this component. If exposed externally, treat as high urgency because database disclosure could affect customer, operational, or credential data.
Technical view
The source bundle describes a CWE-89 SQL injection in Henryschorradt Bridge/PHP-Bridge 1.2.3 for Joomla. CVSS 4.0 is 8.8, with network access, low complexity, no privileges, and no user interaction. The cited impact emphasizes high confidentiality risk and limited integrity impact.
Likely exposure
Exposure is most likely on internet-facing Joomla sites with PHP-Bridge or Bridge component version 1.2.3 installed and publicly reachable. The bundle does not provide CPEs, install prevalence, or a confirmed fixed version.
Exploitation context
The bundle cites an ExploitDB entry, so public exploit information exists. It does not cite CISA KEV listing or confirmed active exploitation. Treat internet-exposed installations as urgent because exploitation requires no authentication and low complexity.
Researcher notes
Evidence is limited to the CVE source bundle, VulnCheck advisory, and ExploitDB reference. No patch status, CPE mapping, KEV listing, or active exploitation evidence is provided. Avoid assuming broader Joomla impact beyond the named component and version.
Mitigation direction
Inventory Joomla sites for PHP-Bridge or Bridge component version 1.2.3.
Remove or disable the component if it is not required.
Check vendor, CVE, and VulnCheck guidance for an official fixed version.
Restrict public access to affected component routes where removal is not immediately possible.
Monitor web and WAF logs for SQL injection attempts against PHP-Bridge.
Validation and detection
Confirm whether PHP-Bridge or Bridge 1.2.3 is installed on Joomla assets.
Identify whether affected component functionality is reachable without authentication.
Review web logs for suspicious id parameter activity targeting PHP-Bridge.
Check database logs for unusual schema enumeration or unexpected read queries.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-89: Database access and collection lookup
Injection into data stores can inform collection, data access, and exfiltration detection reviews. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references database injection or access, so collection and exfiltration review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-89 · source CWE mapping
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.