CVE-2018-5984
Published 2018-01-24
CVE-2018-5984: SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
Priority P263 · critical · 9.8 · CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 2.70% (84.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tumder_project | tumder | — | — |
Detection & IOCs (extracted from sources)
command: %2d%33%20%20%2f%2a%21%30%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%30%31%31%31%31%41%4c%4c%2a%2f%20%2f%2a%21%30%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%30%78%33%31%2c%30%78%33%32%2c%43%4f%4e%43%41%54%28%44%61%74%61%62%61%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44%41%54%41%42%41%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d
- SQL injection is delivered via PATH_INFO to the category/ URI. Monitor HTTP requests where the path segment after 'category/' contains URL-encoded SQL keywords or UNION SELECT payloads.
- The URL-encoded payload decodes to: -3 /*!01111UNION*/ /*!01111ALL*/ /*!01111SELECT*/ 0x31,0x32,CONCAT(Database(),VERSION(),0x7e,DATABASE(),0x7e,USER())-- - . Alert on versioned MySQL comment obfuscation (/*!0NNNN...*/) in HTTP path segments targeting Joomla category routes.
- Exploit was tested only on WiN7_x64 and KaLiLinuX_x64 platforms; behaviour on other OS/server configurations is unconfirmed.
- The vulnerable component is specifically version 2.1 of the Tumder Joomla! component; other versions are not confirmed affected.
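The path-segment check described in the detection notes above, as an added example that is not part of the original page or of any vendor rule: it percent-decodes whatever follows category/ (repeatedly, so double-encoded input is normalised) and flags versioned MySQL comments and UNION SELECT sequences hidden inside them. The log lines, the /index.php/ prefix and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# MySQL versioned comment: /*!NNNNN body */ runs "body" on servers >= version NNNNN.
VERSIONED_COMMENT = re.compile(r"/\*!\d*\s*(.*?)\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_path(raw_path):
    """Return findings for the path segment(s) after 'category/'."""
    decoded = decode_fully(raw_path.split("?", 1)[0])
    start = decoded.lower().find("category/")
    if start == -1:
        return []
    tail = decoded[start + len("category/"):]
    findings = []
    if VERSIONED_COMMENT.search(tail):
        findings.append("versioned-mysql-comment")
    # Unwrap the comments so keywords hidden inside them become visible.
    if UNION_SELECT.search(VERSIONED_COMMENT.sub(r" \1 ", tail)):
        findings.append("union-select")
    return findings

def scan(log_lines):
    """Return (path, findings) for each access-log line that triggers a finding."""
    paths = [m.group(1) for m in map(REQUEST_LINE.search, log_lines) if m]
    return [(p, inspect_path(p)) for p in paths if inspect_path(p)]

# Constructed sample lines (not real traffic); the /index.php/ prefix is an assumption.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Jan/2018:10:00:00 +0000] "GET /index.php/category/union-select-puzzles HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Jan/2018:10:00:05 +0000] "GET /index.php/category/-3%20%2f%2a%2101111UNION%2a%2f%20%2f%2a%2101111ALL%2a%2f%20%2f%2a%2101111SELECT%2a%2f%200x31,0x32 HTTP/1.1" 200 911',
    '203.0.113.9 - - [24/Jan/2018:10:00:09 +0000] "GET /index.php/category/1%2520%252f%252a%252150000UNION%252a%252f HTTP/1.1" 200 911',
]

if __name__ == "__main__":
    for path, findings in scan(SAMPLE_LOG):
        print(findings, path)
```

The benign slug `union-select-puzzles` is not flagged because the keyword check requires whitespace between UNION and SELECT after the comments are unwrapped.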
CVSS provenance
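| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |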
Suricata
ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)
suricata·2018-03-19·CVSS 9.8
CVE-2017-12635 [CRITICAL] ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)
Rule: alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"; flow:established,to_server,only_stream; http.method; content:"PUT"; http.uri; content:"/_users/"; http.request_body; content:"_admin"; fast_pattern; reference:cve,2017-12635; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025435; rev:4; metadata:attack_target Server, created_at 2018_03_19, cve CVE_2017_12635, deployment Datacenter, malware_family CoinMiner, signature_severity Major, updated_at 2020_11_05;)
Suricata
ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)
suricata·2018-03-13·CVSS 7.2
CVE-2017-12636 [HIGH] ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)
Rule: alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)"; flow:established,to_server,only_stream; urilen:26; http.method; content:"PUT"; http.uri; content:"/_config/query_servers/cmd"; fast_pattern; http.header; header_lowercase; content:"authorization|3a 20|Basic"; http.request_body; pcre:"/^\s*[\x22\x27]/"; reference:cve,2017-12636; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-apache-couchdb-open-door-monero-miners/; classtype:attempted-admin; sid:2025432; rev:6; metadata:created_at 2018_03_13, cve CVE_2017_12636, deployment Datacenter, performance_impact Moderate, signature_severity Major, tag Description_Generated_B
No writeups or analysis indexed.
Published 2018-01-24