CVE-2018-5988
Published 2018-01-24
CVE-2018-5988: SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
Priority P267 · critical · 9.8 CVSS 3.0
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EXPLOIT
EPSS: 19.49% (97.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexible_poll_project | flexible_poll | — | — |
Detection & IOCs (extracted from sources)
command: `-714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+-`
- Monitor HTTP GET requests to index.php and mobile_preview.php for SQL injection patterns in the 'id' parameter, specifically UNION SELECT, export_set(), and MySQL version-specific comment syntax (/*!08888...*/).
- Detect the MySQL conditional comment bypass pattern /*!08888 in the id parameter of requests targeting Flexible Poll endpoints, which is used to evade basic WAF keyword filtering.
- Alert on use of the export_set() function combined with information_schema.columns enumeration in URL query parameters, indicative of blind/error-based schema extraction.
- The exploit targets Flexible Poll version 1.2 specifically; verify the installed version before applying detections to avoid false positives on other versions.
- The SQL injection payload uses plus signs (+) in place of spaces and mixed-case SQL keywords (UniOn, SElecT) to bypass case-sensitive filters; detection rules must decode and case-fold the parameter before matching to account for these obfuscation techniques.
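The detection notes above, combined into one log check as an added example (not code from this page or from the Flexible Poll project). It assumes a common access-log layout with the request line in double quotes; the rule names, the `/poll/` path prefix and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINTS = {"index.php", "mobile_preview.php"}  # scripts named in the CVE description
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
COND_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL /*!08888 ... */ wrapper
RULES = {  # hypothetical rule names, matched after decoding and case folding
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "export_set": re.compile(r"\bexport_set\s*\("),
    "information_schema": re.compile(r"\binformation_schema\b"),
}

def inspect_request(target):
    """Return the sorted rule names matched by the id parameter of one request target."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() not in ENDPOINTS:
        return []
    hits = set()
    # parse_qs percent-decodes the value and turns '+' into a space.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if COND_COMMENT.search(value):
            hits.add("conditional_comment")
        # Unwrap the comment body so keywords hidden inside it are visible, then fold case.
        flat = COND_COMMENT.sub(r" \1 ", value).lower()
        hits.update(name for name, rx in RULES.items() if rx.search(flat))
    return sorted(hits)

def scan(lines):
    """Return (request target, matched rules) for every log line that trips a rule."""
    flagged = []
    for line in lines:
        m = REQUEST.search(line)
        hits = inspect_request(m.group(1)) if m else []
        if hits:
            flagged.append((m.group(1), hits))
    return flagged

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jan/2018:10:00:01 +0000] "GET /poll/index.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Jan/2018:10:00:05 +0000] "GET /poll/index.php?id=7&title=student+union+select+committee HTTP/1.1" 200 512',
    '198.51.100.9 - - [24/Jan/2018:10:02:11 +0000] "GET /poll/mobile_preview.php?id=-1%27+UniOn+SElecT+1,2,3--+- HTTP/1.1" 200 733',
    '198.51.100.9 - - [24/Jan/2018:10:02:14 +0000] "GET /poll/index.php?id=-1%27+/*!08888UniOn*/+/*!08888SElecT*/+export_set(5,1,0),2--+- HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    for target, hits in scan(SAMPLE_LOG):
        print(", ".join(hits), "<-", target)
```

Only the `id` parameter is inspected, so the second sample line, which carries the same keywords in an unrelated parameter, is not flagged.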
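CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |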
No detection rules found.
No writeups or analysis indexed.