CVE-2012-1124
published 2020-02-11CVE-2012-1124: SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.27%
89.8th percentile
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phxeventmanager | phxeventmanager | — | — |
| phxeventmanager_project | phxeventmanager | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commanddatasubmit=1&searchtype=events&s_event_names=on&s_event_descriptions=on&s_event_presenters=on&s_event_contacts=on&search_terms='↗
- →Monitor POST requests to search.php with a search_terms parameter containing a single quote or other SQL metacharacters, which triggers a visible MDB2 SQL syntax error in the response. ↗
- →Error-based SQL injection can be confirmed by the presence of 'MDB2 Error: syntax error' in the HTTP response body, leaking the backend query structure. ↗
- →Use the Google dork 'intext: "Powered by phxEventManager"' to identify exposed instances of the vulnerable application. ↗
- →The injection point is the search_terms POST parameter in search.php; the datasubmit=1 field must also be present for the query to execute. ↗
- ·The exploit was tested specifically on Apache/*nix environments running phxEventManager 2.0 Beta 5; behavior on other platforms may differ. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2012/Mar/4http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109http://www.exploit-db.com/exploits/18549http://www.openwall.com/lists/oss-security/2012/03/06/10http://www.openwall.com/lists/oss-security/2012/03/06/2http://seclists.org/fulldisclosure/2012/Mar/4http://sourceforge.net/tracker/?func=detail&aid=3496086&group_id=123602&atid=697109http://www.exploit-db.com/exploits/18549http://www.openwall.com/lists/oss-security/2012/03/06/10http://www.openwall.com/lists/oss-security/2012/03/06/2
2020-02-11
Published