CVE-2018-7282
published 2019-12-06

CVE-2018-7282: The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.

Priority: P1 (79)
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploited in the wild (ITW exploit: VulnCheck KEV)
EPSS: 10.10% (95.1th percentile)
Affected

1 range

Vendor   Product       Version range   Fixed in
titool   printmonitor  < pm18.2.1      pm18.2.1

Detection & IOCs (extracted from sources)

URL: /login.php
Command: username={{username}}')+OR+4191=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(50000000/2))))--+vDwl&password={{password}}&language=en
  • Monitor POST requests to /login.php with a username parameter containing SQLite time-based blind SQLi payloads, specifically patterns using RANDOMBLOB, HEX, UPPER, and LIKE functions.
  • Detect TITool PrintMonitor login endpoints exposed on the internet via Shodan query title:"PrintMonitor" or FOFA query title="printmonitor".
  • A response duration >= 6 seconds on a POST to /login.php returning HTTP 200 with body containing 'PrintMonitor' and Content-Type text/html is a strong indicator of successful time-based blind SQLi exploitation.
  • The attack is unauthenticated (no prior session required) and targets the username parameter in the login request body with Content-Type application/x-www-form-urlencoded.
  • The time-based detection threshold is set to 6 seconds; tuning may be required depending on network latency between the scanner and the target to avoid false positives or false negatives.
  • The SQLi payload uses SQLite-specific functions (RANDOMBLOB, HEX, UPPER, LIKE), indicating the backend database is SQLite; detection rules should be scoped accordingly.
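As an added example (not from the page's sources or the vendor), a small Python detector that applies the IOCs above to constructed web-server log lines: a POST to /login.php whose username field carries the SQLite time-based functions, with the 6-second response threshold separating a probe from a likely successful delay. The log format, the client addresses and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs

# SQLite functions named in the IOCs above; the payload on this page uses all four.
SQLITE_FUNCS = ("RANDOMBLOB", "HEX", "UPPER", "LIKE")
SLOW_SECONDS = 6.0  # page's threshold; tune for scanner-to-target latency

# Constructed log format (assumption, not a real product format):
# <client> <method> <path> <status> <duration_s> <urlencoded body>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) ([\d.]+) (.*)$")

def username_from_body(body):
    # parse_qs decodes '+' and %xx, so the function names appear in clear text
    return parse_qs(body, keep_blank_values=True).get("username", [""])[0]

def classify(line):
    """Return None for a benign line, else a dict describing the finding."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, method, path, status, duration, body = m.groups()
    if method != "POST" or path != "/login.php":
        return None
    user = username_from_body(body).upper()
    funcs = tuple(f for f in SQLITE_FUNCS if f in user)
    # Require the payload shape, not just the words: quote/paren break-out plus functions
    if len(funcs) < 3 or not re.search(r"['\)]\s*(OR|AND)\s", user):
        return None
    return {
        "client": client,
        "duration": float(duration),
        "functions": funcs,
        "likely_success": float(duration) >= SLOW_SECONDS and status == "200",
    }

def scan(lines):
    return [h for h in map(classify, lines) if h]

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "203.0.113.5 POST /login.php 200 0.12 username=alice&password=x&language=en",
    "203.0.113.9 POST /login.php 200 7.31 username=a%27%29+OR+4191%3DLIKE%28%27ABCDEFG%27%2CUPPER%28HEX%28RANDOMBLOB%2850000000%2F2%29%29%29%29--+vDwl&password=x&language=en",
    "203.0.113.9 POST /login.php 200 0.20 username=a%27%29+OR+4191%3DLIKE%28%27ABCDEFG%27%2CUPPER%28HEX%28RANDOMBLOB%281%29%29%29%29--+vDwl&password=x&language=en",
    "198.51.100.7 GET /login.php 200 0.05 ",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The second sample line is flagged as a likely successful delay (7.31 s, HTTP 200); the third carries the same functions with a tiny RANDOMBLOB argument and a fast response, so it is reported as a probe only.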

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck               9.8    CRITICAL
vendor_redhat           5.3    MEDIUM