CVE-2018-5984
published 2018-01-24

CVE-2018-5984: SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.

Priority: P2 (63) · Severity: critical 9.8 (CVSS 3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 2.70% (84.1th percentile)

Affected (1 range)

  Vendor          Product   Version range   Fixed in
  tumder_project  tumder    (none listed)   (none listed)

Detection & IOCs (extracted from sources)

URL pattern: http://localhost/[PATH]/category/[SQL]
Payload (URL-encoded): %2d%33%20%20%2f%2a%21%30%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%30%31%31%31%31%41%4c%4c%2a%2f%20%2f%2a%21%30%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%30%78%33%31%2c%30%78%33%32%2c%43%4f%4e%43%41%54%28%44%61%74%61%62%61%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44%41%54%41%42%41%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d
  • The injection is delivered through PATH_INFO on the category/ route, not through a query-string parameter, so filters that only inspect GET/POST parameters miss it; monitor HTTP requests whose path segment after 'category/' contains URL-encoded SQL keywords or UNION SELECT payloads.
  • The URL-encoded payload decodes to: -3  /*!01111UNION*/ /*!01111ALL*/ /*!01111SELECT*/ 0x31,0x32,CONCAT(Database(),VERSION(),0x7e,DATABASE(),0x7e,USER())-- -. The /*!NNNNN ... */ wrapper is a MySQL versioned comment: the body is executed when the server version is at least NNNNN, and 01111 is low enough to always pass, so the wrapper exists only to evade keyword filters. Alert on versioned MySQL comment obfuscation (/*!0NNNN...*/) in HTTP path segments targeting Joomla category routes.
  • The exploit was tested only on WiN7_x64 and KaLiLinuX_x64 (the platforms named by the PoC); behaviour on other OS/server configurations is unconfirmed.
  • The vulnerable component is specifically version 2.1 of the Tumder Joomla! component; other versions are not confirmed affected.
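The detection bullets above, turned into log-scanning logic: the following is an added example written for this page, not code from the page's sources or from the Tumder project. It percent-decodes the segment after /category/ (repeatedly, to catch double encoding), strips MySQL versioned-comment wrappers so that UNION/SELECT become visible, and reports why a request is suspicious. The access-log lines are constructed for the example; PAYLOAD is the encoded string quoted on the page, and the /index.php/category/ route prefix is an assumption about the site's Joomla routing.

```python
"""Detection logic for the CVE-2018-5984 pattern: SQL injection delivered in
the PATH_INFO after /category/ of the Joomla Tumder component, URL-encoded and
wrapped in MySQL versioned comments (/*!01111UNION*/ ...).

Added example, not code from this page or from the Tumder project. The access
log lines are constructed for the example; PAYLOAD is the encoded string quoted
on the page.
"""
import re
from urllib.parse import unquote

# Encoded payload exactly as quoted on the page, split only for line length.
PAYLOAD = ("%2d%33%20%20%2f%2a%21%30%31%31%31%31%55%4e%49%4f%4e%2a%2f%20"
           "%2f%2a%21%30%31%31%31%31%41%4c%4c%2a%2f%20"
           "%2f%2a%21%30%31%31%31%31%53%45%4c%45%43%54%2a%2f%20"
           "%30%78%33%31%2c%30%78%33%32%2c%43%4f%4e%43%41%54%28"
           "%44%61%74%61%62%61%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c"
           "%44%41%54%41%42%41%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d")

# Constructed Apache/Nginx combined-format lines: the page's payload, a benign
# category request, a double-encoded UNION SELECT, and a non-category request.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jan/2018:10:15:32 +0000] "GET /index.php/category/' + PAYLOAD +
    ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [24/Jan/2018:10:16:01 +0000] "GET /index.php/category/arcade HTTP/1.1" '
    '200 8192 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Jan/2018:10:17:45 +0000] "GET /index.php/category/'
    '1%2520UNION%2520SELECT%25201%252C2%252C3 HTTP/1.1" 500 0 "-" "curl/7.58"',
    '203.0.113.10 - - [24/Jan/2018:10:18:02 +0000] "GET /index.php/component/tumder/?view=game '
    'HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# Key on the /category/ segment only, as the advisory does; the component
# prefix in front of it depends on the site's Joomla routing.
CATEGORY_SEGMENT = re.compile(r"/category/([^?\s\"]*)", re.IGNORECASE)
# MySQL versioned comment opener /*!NNNNN: body runs when server >= NNNNN, so a
# tiny number such as 01111 makes it unconditional (pure obfuscation in a URL).
VERSIONED_COMMENT = re.compile(r"/\*!\s*\d{4,6}")
# UNION ... SELECT with anything (ALL, DISTINCT, whitespace) in between.
UNION_SELECT = re.compile(r"\bunion\b.{0,64}?\bselect\b", re.IGNORECASE | re.DOTALL)
# Enumeration functions typically CONCAT'd into the injected column list.
ENUM_FUNCS = re.compile(r"\b(?:database|version|user|schema)\s*\(\s*\)", re.IGNORECASE)
# Request target out of a combined-format log line.
REQUEST_TARGET = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/')


def decode_path(path, max_rounds=3):
    """Percent-decode until stable (bounded) so double-encoded payloads are seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def strip_versioned_comments(sql):
    """Replace /*!01111 and */ with spaces so keyword regexes see UNION/SELECT."""
    return re.sub(r"/\*!\s*\d*|\*/", " ", sql)


def analyze_category_path(path):
    """Return the list of reasons the /category/ segment looks like SQL injection."""
    m = CATEGORY_SEGMENT.search(path)
    if not m:
        return []
    raw = m.group(1)
    segment = decode_path(raw)
    reasons = []
    if VERSIONED_COMMENT.search(segment):
        reasons.append("mysql-versioned-comment")
    flat = strip_versioned_comments(segment)
    if UNION_SELECT.search(flat):
        reasons.append("union-select")
    if ENUM_FUNCS.search(flat):
        reasons.append("db-enumeration-function")
    if reasons and segment != raw:
        reasons.append("url-encoded")
    return reasons


def scan_access_log(lines):
    """Return (line_number, request_target, reasons) for each suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        t = REQUEST_TARGET.search(line)
        if not t:
            continue
        reasons = analyze_category_path(t.group(1))
        if reasons:
            hits.append((n, t.group(1), reasons))
    return hits


if __name__ == "__main__":
    for n, target, reasons in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)}")
        print("  decoded:", decode_path(CATEGORY_SEGMENT.search(target).group(1)))
```

Matching on the decoded and comment-stripped text is the point: a rule that greps the raw access log for `UNION` never fires on this payload, because the keyword arrives as `%55%4e%49%4f%4e` inside `/*!01111...*/`. The bounded decode loop also catches the double-encoded variant in the third sample line, which a single `unquote()` would leave as `%20UNION%20SELECT`.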

CVSS provenance

  NVD  v3.0  9.8 CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  NVD  v2.0  7.5 HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P