CVE-2018-10969
Published 2018-06-17
PriorityP266critical9.8CVSS 3.0
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 5.33% (91.6th percentile)
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fasterxml | jackson-databind | >= 0 < 2.4.2-3ubuntu0.1~esm2 | 2.4.2-3ubuntu0.1~esm2 |
| genetechsolutions | pie_register | < 3.1.2 | 3.1.2 |
| genetechsolutions | pie_register | < 3.0.10 | 3.0.10 |
Detection & IOCs (extracted from sources)
- URL: /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(2)))a)
- URL: /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(30)))a)
- Detect time-based SQL injection attempts against the Pie Register plugin by monitoring HTTP requests to admin.php with the 'page=pie-invitation-codes' parameter where the 'order' parameter contains SQL sleep() payloads (e.g., %2c(select*from(select(sleep()))a)).
- Flag any HTTP request where the 'order' query parameter contains URL-encoded commas (%2c) followed by nested SELECT/sleep constructs, indicating blind time-based SQLi exploitation of the orderby/order parameters.
- The vulnerable parameter is 'order' in the pie-invitation-codes admin page; the plugin attempted to sanitize via esc_sql() but this was insufficient to prevent injection.
- The vulnerability affects Pie Register plugin versions up to and including 3.0.9; exploitation requires access to the WordPress admin panel (authenticated attack surface).
- CVE-2018-10969 is a distinct SQL injection issue from CVE-2019-15659, which affects pie-register before 3.1.2; ensure both CVEs are tracked separately when assessing patch coverage.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| OSV | | 9.8 | CRITICAL | |
GHSA: GHSA-f2wx-gx4j-3mvc (CVE-2019-15659, CRITICAL, CWE-89) · ghsa_unreviewed · 2022-05-24 · CVSS 9.8
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.
GHSA: GHSA-xj93-q5jg-gmpm (CVE-2018-10969, CRITICAL, CWE-89) · ghsa_unreviewed · 2022-05-14
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.
OSV: jackson-databind vulnerabilities (CVE-2018-11307) · osv · 2021-03-15 · CVSS 9.8
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. (CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2
Suricata: ET WEB_SPECIFIC_APPS WordPress Plugin Pie Register SQL Injection · suricata · 2018-06-26
Rule:
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WordPress Plugin Pie Register SQL Injection"; flow:established,to_server; http.uri; content:"/wp-admin/admin.php?page=pie-invitation-codes&orderby="; nocase; content:"&order="; nocase; distance:0; pcre:"/^(?:[a-zA-Z0-9_])*[\x2c\x22\x27\x28]/Ri"; reference:url,www.exploit-db.com/exploits/44867/; classtype:web-application-attack; sid:2025747; rev:4; metadata:affected_product Wordpress_Plugins, attack_target Client_Endpoint, created_at 2018_06_26, cve cve_2018_10969, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_11_04, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mit
```
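As an added illustration (not part of this page or of the ET ruleset), the matching logic of the Suricata rule above re-implemented in Python and run over constructed web-server access-log lines, so a responder can check historical logs for the same pattern. The percent-decoding step stands in for Suricata's normalized http.uri buffer; the log format and sample entries are assumptions, and the two injected URIs are the IOC URLs listed on this page.

```python
import re
from urllib.parse import unquote

# Mirrors the Suricata rule: both content matches in order, then the PCRE
# anchored at the end of "&order=" (the rule's /R, relative, flag).
ANCHOR = "/wp-admin/admin.php?page=pie-invitation-codes&orderby="
ORDER_PARAM = "&order="
# A run of [A-Za-z0-9_] followed by a comma, double quote, single quote or "(".
ORDER_PCRE = re.compile(r"^[a-zA-Z0-9_]*[\x2c\x22\x27\x28]", re.IGNORECASE)

def uri_matches_rule(raw_uri: str) -> bool:
    """Return True if this request URI would trigger the rule.
    Suricata's http.uri buffer is the normalized (percent-decoded) URI, so the
    %2c in the IOC URLs becomes the literal comma the PCRE looks for."""
    uri = unquote(raw_uri)
    lower = uri.lower()                      # both content matches are nocase
    start = lower.find(ANCHOR.lower())
    if start == -1:
        return False
    # distance:0 -> "&order=" must occur after the end of the first match
    pos = lower.find(ORDER_PARAM, start + len(ANCHOR))
    if pos == -1:
        return False
    return ORDER_PCRE.match(uri[pos + len(ORDER_PARAM):]) is not None

# Constructed Apache-style access log (not real traffic). Lines 2 and 3 carry
# the IOC URLs from this page; lines 1 and 4 are benign admin requests.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jun/2018:10:00:01 +0000] "GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc HTTP/1.1" 200 5120
10.0.0.7 - - [17/Jun/2018:10:00:02 +0000] "GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(2)))a) HTTP/1.1" 200 5120
10.0.0.7 - - [17/Jun/2018:10:00:35 +0000] "GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(30)))a) HTTP/1.1" 200 5120
10.0.0.9 - - [17/Jun/2018:10:00:40 +0000] "GET /wordpress/wp-admin/admin.php?page=pie-register&order=asc HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) ')

def scan_log(text: str) -> list:
    """Return (client ip, timestamp, uri) for every request line the rule would flag."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and uri_matches_rule(m.group("uri")):
            hits.append((m.group("ip"), m.group("ts"), m.group("uri")))
    return hits

if __name__ == "__main__":
    for ip, ts, uri in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {uri}")
```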
No writeups or analysis indexed.