CVE-2018-10757
Published 2018-05-05
Priority P2 · 70 · critical 9.8 (CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 5.83% (92.2nd percentile)
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csp_mysql_user_manager_project | csp_mysql_user_manager | — | — |
Detection & IOCs (extracted from sources)
Source: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip
- Detect SQL injection authentication bypass attempts where the username field contains the `' or '` pattern together with a `--` comment sequence, targeting the login endpoint.
- CSP MySQL User Manager 2.3.1 is vulnerable; flag any login attempt to this application in which the username field contains SQL metacharacters (single quotes, comment sequences).
- The exploit was tested only on Linux 2.6.38-11; behaviour on other platforms is not confirmed by the source.
- The vulnerability is confirmed only in version 2.3.1 of CSP MySQL User Manager; other versions are not referenced.
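The two detection bullets above describe a pattern match on the username of login requests, and the description says the same crafted username bypasses authentication. The following added example, which is not code from CSP MySQL User Manager or from the public exploit, shows both halves side by side: a login query of the assumed vulnerable shape (user input concatenated into SQL) next to a parameterised one, exercised with a bypass username of the shape the advisory describes, and the two detection rules run over constructed login records. SQLite stands in for MySQL, the table schema, the exact payload string and the `/login` endpoint name are assumptions, and the sample attempts are constructed.

```python
import re
import sqlite3

# Constructed stand-in for the application's user table. SQLite replaces MySQL
# here and the schema is an assumption; it is not taken from the project's source.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return db

def login_vulnerable(db, username, password):
    """Assumed vulnerable shape: user input concatenated straight into the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_fixed(db, username, password):
    """Parameterised query: the input is bound as data and cannot alter the SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# Username of the shape the advisory describes (quote, OR, comment). The exact
# string is an assumption for illustration. The space after `--` is required by
# MySQL for the comment to be recognised; SQLite accepts it as well. Everything
# after it, including the password check, is commented out of the query.
BYPASS_USERNAME = "admin' or '1'='1' -- "

# The two indicators named in the Detection & IOCs list.
QUOTE_OR_QUOTE = re.compile(r"'\s*or\s*'", re.IGNORECASE)
COMMENT_SEQ = re.compile(r"--|#")   # `--` and MySQL's `#` line comment

def classify_username(username):
    """'bypass' when both indicators of the strict rule are present, 'metachar'
    when the broader rule (any single quote or comment sequence) fires, else 'clean'."""
    if QUOTE_OR_QUOTE.search(username) and COMMENT_SEQ.search(username):
        return "bypass"
    if "'" in username or COMMENT_SEQ.search(username):
        return "metachar"
    return "clean"

# Constructed sample of (request path, submitted username) pairs. The login
# path "/login" is an assumed name; the advisory does not name the endpoint.
SAMPLE_ATTEMPTS = [
    ("/login", "alice"),
    ("/login", BYPASS_USERNAME),
    ("/login", "o'brien"),            # legitimate name that trips the broad rule
    ("/index", BYPASS_USERNAME),      # not the login endpoint, so not flagged
    ("/login", "bob"),
]

def flag_login_attempts(attempts, login_path="/login"):
    """Return (username, verdict) for every non-clean attempt at the login endpoint."""
    flagged = []
    for path, username in attempts:
        if path != login_path:
            continue
        verdict = classify_username(username)
        if verdict != "clean":
            flagged.append((username, verdict))
    return flagged

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login as:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("fixed login as:     ", login_fixed(db, BYPASS_USERNAME, "wrong"))
    for username, verdict in flag_login_attempts(SAMPLE_ATTEMPTS):
        print(verdict, repr(username))
```

Run against the vulnerable function the bypass username logs in as `admin` with a wrong password; against the parameterised function it matches no row. The detection side shows the trade-off between the two bullets: the strict rule (both `' or '` and a comment sequence) catches the bypass without noise, while the broad rule (any single quote) also flags a name such as `o'brien`, so it is better suited to an enrichment tag than to an alert on its own. In either case run the match on the decoded username, since form bodies arrive percent-encoded and `%27` will not match a literal quote.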
CVSS provenance
- NVD, CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
No writeups or analysis indexed.
References
- https://github.com/dukereborn/cmum/commit/c89158ec646c4e8e95587b650f6fd86b502ff8b5
- https://packetstormsecurity.com/files/147501/cspmysqlum231-sql.txt
- https://www.exploit-db.com/exploits/44589/