During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site.

https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html