CVE-2018-7474
Published 2018-03-14

CVE-2018-7474: An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.

Priority P3 57, critical, 9.8 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.59% (93.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| textpattern | textpattern | <= 4.6.2 | — |
Detection & IOCs (extracted from sources)

URL: /textpattern/textpattern/index.php?event=link&step=link_change_pageby&qty=50&_txp_token=baa07ba857d3618ef810b725b9d4d9d8

- Monitor HTTP requests to /textpattern/textpattern/index.php with parameters event=link&step=link_change_pageby for SQL injection payloads in the 'qty' parameter (e.g., SQL keywords such as INTO OUTFILE, SELECT, UNION, or comment sequences like --).
- Flag requests using HTTP/1.0 protocol version targeting the vulnerable endpoint, as the exploit specifically requires HTTP version 1.0 to interact with the application.
- The _txp_token parameter does not function as an anti-CSRF control; do not rely on token validation as a detection or mitigation signal for this attack path.
- Exploitation requires an authenticated administrator session; correlate SQL injection attempts in the 'qty' parameter with authenticated admin sessions to reduce false positives.
- The vulnerability affects Textpattern CMS version 4.6.2 and earlier; no patch was available at time of disclosure and the vendor was unresponsive.
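The monitoring notes above can be turned into a log check. The following is an added example, not code from this page or from Textpattern; it assumes combined-format web server access logs, the function names `inspect` and `scan` are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)"')
ENDPOINT = "/textpattern/textpattern/index.php"
# Keywords and comment sequence named in the detection notes above.
SQL_HINTS = re.compile(r"\b(select|union)\b|into\s+outfile|--", re.I)

def inspect(line):
    """Return findings for one log line; [] if it does not hit the endpoint."""
    m = REQ.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    q = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    if (url.path != ENDPOINT or q.get("event") != ["link"]
            or q.get("step") != ["link_change_pageby"]):
        return []
    findings = []
    for qty in q.get("qty", []):
        # A page size should be a plain integer; anything else is suspect.
        if not re.fullmatch(r"[0-9]+", qty):
            findings.append("qty-not-numeric")
        if SQL_HINTS.search(qty):
            findings.append("qty-sql-keyword")
    if m["proto"] == "HTTP/1.0":
        findings.append("http-1.0")
    return findings

def scan(lines):
    """Map 1-based line number -> findings, for lines with any finding."""
    return {i: f for i, line in enumerate(lines, 1) if (f := inspect(line))}

# Constructed sample entries; the token value is a placeholder.
BASE = "/textpattern/textpattern/index.php?event=link&step=link_change_pageby"
SAMPLE_LOG = [
    f'198.51.100.7 - - [14/Mar/2018:10:00:01 +0000] "GET {BASE}&qty=50&_txp_token=PLACEHOLDER HTTP/1.1" 200 5120',
    f'198.51.100.7 - - [14/Mar/2018:10:00:09 +0000] "GET {BASE}&qty=50%20UNION%20SELECT%201--&_txp_token=PLACEHOLDER HTTP/1.0" 200 5120',
    '198.51.100.7 - - [14/Mar/2018:10:00:12 +0000] "GET /textpattern/textpattern/index.php?event=article HTTP/1.0" 200 900',
    f'198.51.100.7 - - [14/Mar/2018:10:00:15 +0000] "GET {BASE}&qty=25&_txp_token=PLACEHOLDER HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

Only GET query strings appear in access logs, so parameters sent in a POST body need a WAF or application-level log; correlating hits with authenticated admin sessions is left to the log platform.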
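CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |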