CVE-2018-12052
published 2018-06-08CVE-2018-12052: SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.70%
90.7th percentile
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
Detection & IOCsextracted from sources · hover to see the quote
url/get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23↗
commandq=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23↗
- →Detect SQL injection attempts targeting the 'q' parameter in GET requests to /get_sec.php, specifically looking for MySQL inline comment obfuscation (/*!50000...*/), UNION SELECT payloads, and hex-encoded separator bytes (0x7e7e). ↗
- →Monitor HTTP access logs for requests to /get_sec.php containing 'union', 'concat', '/*!5', or URL-encoded comment sequences (%23, %2F%2A) in the query string. ↗
- ·The exploit uses MySQL versioned inline comment syntax (/*!50000....*/) to bypass WAF/input filters; detection rules must account for this obfuscation technique and not rely solely on plain-text 'UNION SELECT' matching. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2018-06-08
Published