CVE-2018-12052
published 2018-06-08

CVE-2018-12052: SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

Priority: P261 · Severity: critical · CVSS 3.0 base score: 9.8
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: available
EPSS: 4.70% (90.7th percentile)

Detection & IOCs (extracted from sources)

  • Path: /get_sec.php
  • URL: /get_sec.php?q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23
  • Parameter value: q=1'+/*!50000union*/+select+1,/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23
  • Detect SQL injection attempts targeting the 'q' parameter in GET requests to /get_sec.php, specifically looking for MySQL inline comment obfuscation (/*!50000...*/), UNION SELECT payloads, and hex-encoded separator bytes (0x7e7e).
  • Monitor HTTP access logs for requests to /get_sec.php containing 'union', 'concat', '/*!5', or URL-encoded comment sequences (%23, %2F%2A) in the query string.
  • The exploit uses MySQL versioned inline comment syntax (/*!50000...*/) to bypass WAF/input filters; detection rules must account for this obfuscation technique and not rely solely on plain-text 'UNION SELECT' matching.
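The log-monitoring rules above as working detection logic, written here as an added example rather than code taken from the source: it parses Apache/nginx-style access-log lines, decodes the q parameter, strips MySQL versioned-comment delimiters before keyword matching (so the obfuscated payload is caught alongside a plain UNION SELECT), and scores each request. The sample log lines, client addresses and alert threshold are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH, TARGET_PARAM = "/get_sec.php", "q"
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')

# Indicators from the detection notes; keyword checks run after stripping MySQL
# versioned-comment delimiters, so "/*!50000union*/" is seen as plain "union".
VERSIONED_COMMENT = re.compile(r"/\*!\d*")               # /*!50000 ... */ obfuscation
KEYWORDS = {
    "union_select": re.compile(r"\bunion\b.*?\bselect\b", re.S),
    "concat": re.compile(r"\bconcat\b"),
    "hex_separator": re.compile(r"0x7e7e"),              # hex for '~~', separates leaked columns
    "comment_terminator": re.compile(r"(#|--\s*)\s*$"),  # %23 -> '#' discards the rest of the query
}
STRONG = {"union_select", "versioned_comment"}           # either one alone is enough to alert

def inspect_value(value: str) -> list:
    """Return the indicator names that fire on one decoded q value."""
    low = value.lower()
    hits = ["versioned_comment"] if VERSIONED_COMMENT.search(low) else []
    stripped = re.sub(r"/\*!\d*|\*/", " ", low)
    hits += [name for name, rx in KEYWORDS.items() if rx.search(stripped)]
    return sorted(hits)

def analyse_request(log_line: str):
    """Verdict for one access-log line, or None if it is not a request to the target path."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if parts.path != TARGET_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM, [])  # decodes %xx and '+'
    hits = sorted({h for v in values for h in inspect_value(v)})
    alert = bool(STRONG & set(hits)) or len(hits) >= 2
    return {"client": log_line.split()[0], "q": values, "indicators": hits, "alert": alert}

def scan(lines) -> list:
    """Return only the verdicts that raised an alert (assumed alert policy, see STRONG)."""
    return [r for r in map(analyse_request, lines) if r and r["alert"]]

# Constructed sample log lines (not from the original page): a benign lookup, the
# obfuscated payload from the advisory, a plain UNION SELECT, and an unrelated path.
SAMPLE_LOGS = [
    '10.0.0.5 - - [08/Jun/2018:10:00:01 +0000] "GET /get_sec.php?q=12 HTTP/1.1" 200 512',
    '10.0.0.9 - - [08/Jun/2018:10:00:07 +0000] "GET /get_sec.php?q=1%27+/*!50000union*/+select+1,'
    '/*!50000concat*/(user(),0x7e7e,database(),0x7e7e,@@version)%23 HTTP/1.1" 200 734',
    '10.0.0.9 - - [08/Jun/2018:10:00:12 +0000] "GET /get_sec.php?q=1%27%20UNION%20SELECT%201,2%23 HTTP/1.1" 200 734',
    '10.0.0.7 - - [08/Jun/2018:10:00:20 +0000] "GET /index.php?q=union HTTP/1.1" 200 100',
]
```

Running `scan(SAMPLE_LOGS)` returns two verdicts, both for 10.0.0.9; the second one fires without any versioned comment, which is the case a plain `/*!5` string match would miss.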

CVSS provenance

  • NVD, CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)