CVE-2020-11530
published 2020-05-08


Priority: P186, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 95.66% (99.9th percentile)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

Affected (1 range)

Vendor      Product       Version range   Fixed in
idangero    chop_slider   -               -

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/chopslider/get_script/index.php
url: /wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A)
command: GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111 or (SELECT sleep(10))=6868
yara:
rule CVE_2020_11530_ChopSlider_SQLi {
    strings:
        $path = "/wp-content/plugins/chopslider/get_script/index.php"
        // nocase so the lowercase sleep(10) form quoted in the command IOC above also matches
        $sleep = "SLEEP" nocase
    condition:
        $path and $sleep
}
  • Detect time-based blind SQLi attempts against ChopSlider by monitoring GET requests to /wp-content/plugins/chopslider/get_script/index.php with SQL keywords (SLEEP, SELECT, OR, AND) in the 'id' parameter.
  • Alert on HTTP responses with status 200, Content-Type application/javascript, and body containing '$(document).ready(function()' from the ChopSlider path — combined with a response duration >= 6 seconds — indicating successful time-based SQLi.
  • Boolean-based blind SQLi payloads targeting ChopSlider use OR clauses such as 'id=-3097 OR 2236=2236'; monitor for non-numeric or SQL-expression values in the id GET parameter.
  • Time-based blind SQLi payloads use OR SLEEP(N) in the id parameter (e.g., 'id=1111111111 OR SLEEP(5)'); monitor for SLEEP calls in query strings to this endpoint.
  • The injection payload must be URL-encoded when sent via GET, and magic_quotes is applied server-side — detection rules must account for both encoded and decoded forms of SQL metacharacters.
  • The Nuclei template uses a 10-second request timeout to accommodate the SLEEP(6) payload; detection infrastructure (WAF, IDS) must be tuned to not drop or timeout slow responses before the full duration is observed.
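The detection notes above amount to one log-level rule: take requests to the ChopSlider endpoint, decode the id parameter, and flag anything that is not a plain integer, escalating when SLEEP is present and the response took at least six seconds. The Python below is an added illustration of that rule, not part of this record or of any vendor or plugin code. It assumes a constructed log layout (common log format with the request duration in seconds appended as a final field, as nginx's $request_time would give); the sample lines are constructed and reuse only the payload shapes already quoted in the IOCs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in this record's IOCs.
CHOPSLIDER_PATH = "/wp-content/plugins/chopslider/get_script/index.php"

# SQL tokens listed in the detection notes; matched as whole words on the *decoded* id.
SQL_KEYWORD_RE = re.compile(r"\b(sleep|select|or|and)\b", re.IGNORECASE)

# A response at or above this many seconds corroborates a SLEEP(6)-style payload.
DELAY_THRESHOLD = 6.0

# Assumed log layout (constructed for this example): common log format plus the
# request duration in seconds as a final field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<secs>\d+(?:\.\d+)?)$'
)


def analyze(line):
    """Return None for lines that do not hit the ChopSlider endpoint, otherwise a
    finding dict whose 'verdict' field says what the id parameter looks like."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != CHOPSLIDER_PATH:
        return None

    # parse_qs decodes %XX escapes and '+' -> space, so one rule covers both the
    # encoded and the decoded forms the notes above warn about.
    raw_id = parse_qs(url.query, keep_blank_values=True).get("id", [""])[0]
    status = int(m["status"])
    secs = float(m["secs"])
    finding = {"ip": m["ip"], "ts": m["ts"], "id": raw_id, "status": status, "secs": secs}

    if re.fullmatch(r"\d+", raw_id):
        finding["verdict"] = "benign"  # the plugin expects a plain numeric id
        return finding

    keywords = {k.upper() for k in SQL_KEYWORD_RE.findall(raw_id)}
    finding["keywords"] = sorted(keywords)
    if "SLEEP" in keywords:
        # A 200 that took at least DELAY_THRESHOLD seconds means the SLEEP ran in the DB.
        confirmed = status == 200 and secs >= DELAY_THRESHOLD
        finding["verdict"] = "time-based blind SQLi" + (" (delay confirmed)" if confirmed else "")
    elif keywords:
        finding["verdict"] = "boolean-based blind SQLi"
    else:
        finding["verdict"] = "non-numeric id"
    return finding


def scan(lines):
    """Return only the findings worth alerting on."""
    return [f for f in map(analyze, lines) if f and f["verdict"] != "benign"]


# Constructed sample traffic: one legitimate request, the payload shapes quoted in
# the IOCs above (URL-encoded as they would appear in a log), and one unrelated URL.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2020:10:00:01 +0000] "GET /wp-content/plugins/chopslider/get_script/index.php?id=12 HTTP/1.1" 200 412 0.031',
    '198.51.100.7 - - [08/May/2020:10:00:09 +0000] "GET /wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A) HTTP/1.1" 200 412 6.418',
    '198.51.100.7 - - [08/May/2020:10:00:10 +0000] "GET /wp-content/plugins/chopslider/get_script/index.php?id=-3097%20OR%202236=2236 HTTP/1.1" 200 412 0.044',
    '203.0.113.9 - - [08/May/2020:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 3012 0.052',
    '198.51.100.7 - - [08/May/2020:10:00:30 +0000] "GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111%20or%20(SELECT%20sleep(10))=6868 HTTP/1.1" 200 412 10.21',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} id={f['id']!r} {f['secs']:.2f}s -> {f['verdict']}")
```

The numeric-id check does the heavy lifting: the endpoint only ever expects an integer, so keyword matching is applied to the remainder rather than to every request, which keeps the rule cheap and avoids false positives on ordinary traffic. The delay confirmation is what separates an attempt from a likely success, which is why the note above about not dropping slow responses matters for this rule.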

CVSS provenance

nvd       v3.1   9.8   CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd       v2.0   7.5   HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck        9.8   CRITICAL