CVE-2018-7474
published 2018-03-14

CVE-2018-7474: An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Priority: P357
Severity: critical (CVSS 3.0 base score 9.8)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: yes
EPSS: 6.59% (93.0th percentile)

Affected

1 range
Vendor        Product       Version range   Fixed in
textpattern   textpattern   <= 4.6.2        (none listed)

Detection & IOCs (extracted from sources)

URL:  /textpattern/textpattern/index.php?event=link&step=link_change_pageby&qty=50&_txp_token=baa07ba857d3618ef810b725b9d4d9d8
Path: /textpattern/textpattern/index.php
  • Monitor HTTP requests to /textpattern/textpattern/index.php with parameters event=link&step=link_change_pageby for SQL injection payloads in the 'qty' parameter (e.g., SQL keywords such as INTO OUTFILE, SELECT, UNION, or comment sequences like --).
  • Flag requests using HTTP/1.0 protocol version targeting the vulnerable endpoint, as the exploit specifically requires HTTP version 1.0 to interact with the application.
  • The _txp_token parameter does not function as an anti-CSRF control; do not rely on token validation as a detection or mitigation signal for this attack path.
  • Exploitation requires an authenticated administrator session; correlate SQL injection attempts in the 'qty' parameter with authenticated admin sessions to reduce false positives.
  • The vulnerability affects Textpattern CMS version 4.6.2 and earlier; no patch was available at the time of disclosure and the vendor was unresponsive.
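The first two IOC bullets above can be turned into a log check. The script below is an added example, not part of this CVE record or of Textpattern's own code: it parses constructed access-log lines (the IPs, timestamps and the `_txp_token` value `deadbeef` are placeholders, not data from the page), keeps only requests to the endpoint and event/step combination listed above, and reports any request whose qty parameter is not a plain integer, noting whether it contains the SQL markers named in the bullets and whether it was sent as HTTP/1.0.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameters taken from the IOC list above.
VULN_PATH = "/textpattern/textpattern/index.php"
VULN_PARAMS = {"event": "link", "step": "link_change_pageby"}

# SQL keywords and comment sequences named in the IOC bullets.
SQL_MARKERS = re.compile(r"\b(union|select|into\s+outfile)\b|--|/\*", re.IGNORECASE)

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)"')

# Constructed sample log (not real traffic). Line 2 carries a non-numeric qty over
# HTTP/1.0, line 4 a non-numeric qty with no SQL markers, lines 1 and 3 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Mar/2018:10:00:01 +0000] "GET /textpattern/textpattern/index.php?event=link&step=link_change_pageby&qty=50&_txp_token=deadbeef HTTP/1.1" 200 512
10.0.0.7 - - [14/Mar/2018:10:00:02 +0000] "GET /textpattern/textpattern/index.php?event=link&step=link_change_pageby&qty=50%20UNION%20SELECT%201--&_txp_token=deadbeef HTTP/1.0" 200 512
10.0.0.9 - - [14/Mar/2018:10:00:03 +0000] "GET /textpattern/textpattern/index.php?event=article&step=list HTTP/1.1" 200 512
10.0.0.7 - - [14/Mar/2018:10:00:04 +0000] "GET /textpattern/textpattern/index.php?event=link&step=link_change_pageby&qty=abc&_txp_token=deadbeef HTTP/1.1" 200 512
"""


def analyse_line(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if the line is not of interest.

    qty is a page-size value, so a legitimate request carries digits only; anything
    else on the vulnerable endpoint/event/step is reported, with two enrichment
    flags: SQL markers present in qty, and HTTP/1.0 used (both from the IOC list).
    """
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so "%20UNION%20" becomes " UNION ".
    qs = parse_qs(parts.query, keep_blank_values=True)
    if any(qs.get(k, [None])[0] != v for k, v in VULN_PARAMS.items()):
        return None
    qty = qs.get("qty", [""])[0]
    if qty.isdigit():
        return None  # well-formed page-size value, nothing to report
    return {
        "qty": qty,
        "sql_markers": bool(SQL_MARKERS.search(qty)),
        "http10": m.group("proto") == "HTTP/1.0",
    }


def scan(log_text: str) -> list:
    """Run analyse_line over every line and return findings tagged with line numbers."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        finding = analyse_line(line)
        if finding:
            finding["line"] = lineno
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

The check keys on "qty is not an integer" rather than on keyword lists alone, so encoded or unusual payloads are still surfaced; the SQL-marker and HTTP/1.0 flags are enrichment to rank findings. The fourth IOC bullet (correlating hits with an authenticated administrator session) needs session data that a plain access log does not carry, so that join has to happen in the SIEM against application session logs.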

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P