CVE-2017-20274 in LMS King Professional
Summary
by MITRE • 06/19/2026
Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/19/2026
This vulnerability exists within Joomla LMS King Professional version 3.2.4.0 and represents a critical sql injection flaw that affects the component handling learning paths and course management. The vulnerability specifically targets the cp_id parameter which is processed without adequate input sanitization or validation, allowing malicious actors to inject arbitrary sql commands into the database query execution flow. The attack vector is particularly dangerous as it requires no authentication credentials, making it accessible to any remote attacker who can craft malicious requests to the vulnerable application. The exploitation occurs through standard http get requests directed at index.php with specific parameters including com_lmsking for component identification, lmsking for view specification, learningpath for layout targeting, and learningPath for task execution. This vulnerability directly maps to cwe-89 which defines improper neutralization of special elements used in an sql command, and aligns with attack technique t1213 from the attack framework which covers data manipulation through sql injection.
The operational impact of this vulnerability is severe and multifaceted across multiple security domains. Successful exploitation can result in complete database compromise including unauthorized access to user credentials, personal information, course content, and administrative configurations. Attackers can extract sensitive data through union-based sql injection techniques, potentially gaining access to thousands of user records including hashed passwords and personal identifiers. The vulnerability also enables attackers to modify database content, delete critical learning materials, or inject malicious code into the application environment. Additionally the attack can be used to escalate privileges within the application by manipulating administrative user records or altering access control mechanisms. This type of vulnerability directly violates security principles of input validation and output encoding that are fundamental to preventing sql injection attacks.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term architectural security improvements. The most critical immediate action is to upgrade to the latest version of Joomla LMS King Professional which contains patched sql injection protections and proper parameter validation. Organizations should implement web application firewalls with sql injection detection capabilities and deploy proper input validation at multiple layers including application code, database connections, and network level protections. Database access should be restricted using least privilege principles where application accounts have minimal required permissions and cannot execute administrative sql commands. Regular security audits should include sql injection testing using tools like sqlmap or custom penetration testing to verify that all input parameters are properly sanitized. The vulnerability also highlights the importance of implementing proper error handling that does not expose database structure information to end users. Organizations should establish secure coding practices that include parameterized queries, input validation frameworks, and regular security training for developers. Implementation of database activity monitoring and intrusion detection systems can provide additional layers of protection against exploitation attempts. The attack pattern described aligns with common exploitation techniques documented in security frameworks and represents a typical sql injection vector that requires comprehensive defense-in-depth strategies to prevent successful exploitation.