CVE-2018-12636
Published 2018-06-22
CVE-2018-12636: The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
Priority P3 · 54 · high · 7.2 CVSS 3.0
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 30.12% (98.0th percentile)
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ithemes | security | < 7.0.3 | 7.0.3 |
CVSS provenance
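| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |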
Suricata
ET WEB_SPECIFIC_APPS WordPress Plugin iThemes Security SQL Injection
suricata·2018-06-25
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WordPress Plugin iThemes Security SQL Injection"; flow:established,to_server; http.uri; content:"/wp-admin/admin.php"; content:"&orderby="; fast_pattern; pcre:"/&orderby=(?:[a-zA-Z0-9_])*[\x2c\x22\x27\x28]/i"; classtype:web-application-attack; sid:2025738; rev:2; metadata:affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2018_06_25, cve cve_2018_12636, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 4
suricata·2018-06-25
CVE-2017-12636 ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 4
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 4"; flow:established,to_server; http.method; content:"DELETE"; http.uri; content:"/_config/query_servers/cmd"; fast_pattern; reference:cve,2017-12636; classtype:attempted-user; sid:2025743; rev:3; metadata:attack_target Web_Server, created_at 2018_06_25, cve CVE_2017_12636, deployment Datacenter, confidence High, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 2
suricata·2018-06-25
CVE-2017-12636 ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 2
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 2"; flow:established,to_server; http.uri; content:"/_config/query_servers/cmd"; reference:cve,2017-12636; classtype:attempted-user; sid:2025741; rev:3; metadata:attack_target Web_Server, created_at 2018_06_25, cve CVE_2017_12636, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 3
suricata·2018-06-25
CVE-2017-12636 ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 3
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 3"; flow:established,to_server; http.uri; content:"/_temp_view?limit="; http.request_body; content:"|22|cmd|22|"; fast_pattern; reference:cve,2017-12636; classtype:attempted-user; sid:2025742; rev:3; metadata:attack_target Web_Server, created_at 2018_06_25, cve CVE_2017_12636, deployment Datacenter, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Suricata
ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)
suricata·2018-03-13·CVSS 7.2
CVE-2017-12636 [HIGH] ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)
Rule: alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)"; flow:established,to_server,only_stream; urilen:26; http.method; content:"PUT"; http.uri; content:"/_config/query_servers/cmd"; fast_pattern; http.header; header_lowercase; content:"authorization|3a 20|Basic"; http.request_body; pcre:"/^\s*[\x22\x27]/"; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:6; metadata:created_at 2018_03_13, cve CVE_2017_12636, deployment Datacenter, performance_impact Moderate, signature_severity Major, tag Description_Generated_B
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://wordpress.org/plugins/better-wp-security/#developers
https://www.exploit-db.com/exploits/44943/