cbcvebase.
CVE-2018-10969
published 2018-06-17

CVE-2018-10969: SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation…

PriorityP266critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
5.33%
91.6th percentile
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.

Affected

3 ranges
VendorProductVersion rangeFixed in
fasterxmljackson-databind>= 0 < 2.4.2-3ubuntu0.1~esm22.4.2-3ubuntu0.1~esm2
genetechsolutionspie_register< 3.1.23.1.2
genetechsolutionspie_register< 3.0.103.0.10

Detection & IOCsextracted from sources · hover to see the quote

url/wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(2)))a)
url/wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc%2c(select*from(select(sleep(30)))a)
path/wp-admin/admin.php?page=pie-invitation-codes
  • Detect Time-Based SQL Injection attempts against the Pie Register plugin by monitoring HTTP requests to admin.php with the 'page=pie-invitation-codes' parameter where the 'order' parameter contains SQL sleep() payloads (e.g., %2c(select*from(select(sleep()))a)).
  • Flag any HTTP request where the 'order' query parameter contains URL-encoded commas (%2c) followed by nested SELECT/sleep constructs, indicating blind time-based SQLi exploitation of the orderby/order parameters.
  • The vulnerable parameter is 'order' in the pie-invitation-codes admin page; the plugin attempted to sanitize via esc_sql() but this was insufficient to prevent injection.
  • ·Vulnerability affects Pie Register plugin versions up to and including 3.0.9; exploitation requires access to the WordPress admin panel (authenticated attack surface).
  • ·CVE-2018-10969 is a distinct SQL injection issue from CVE-2019-15659, which affects pie-register before 3.1.2; ensure both CVEs are tracked separately when assessing patch coverage.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.