CVE-2020-15363
Published: 2020-06-28
CVE-2020-15363: The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.
Priority: P264 · critical · 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Exploit: public exploit indexed (see references)
EPSS: 5.90% (92.3rd percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nexos_project | nexos | <= 1.7 | — |
Detection & IOCs (extracted from sources)
- URL: top-map/?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src=x%20onerror=alert(`VL%CE%9BDV%CE%9ECTOR`);window.location=`https://twitter.com/vlad_vector`%3E%3E
- Monitor HTTP GET requests targeting the 'side-map/' or 'top-map/' endpoints with a 'search_order' parameter containing SQL metacharacters or unsanitised ORDER BY values (e.g. 'idlisting DESC').
- Alert on requests to 'top-map/' or 'side-map/' where 'search_location' contains HTML/JavaScript injection payloads such as '<img src=x onerror=...>', indicating reflected XSS exploitation attempts.
- Presence of the path '/wp-content/themes/nexos/' in web server logs identifies sites running the Nexos theme; correlate it with anomalous query parameters.
- sqlmap fingerprinting: look for high-frequency automated requests to 'side-map/?search_order=' with varying payloads, rotating User-Agent strings ('--random-agent' style) and concurrent request bursts ('--threads' style).
- The vulnerability is unauthenticated: no session cookie or authentication token is required. Any anonymous GET request to the affected endpoints with a manipulated 'search_order' value should be treated as suspicious.
- The SQL injection is exploitable only on sites running the Nexos Real Estate WordPress theme at version 1.7 or earlier; patched or updated versions are not affected.
- The back-end DBMS confirmed during exploitation is MySQL; detection rules tuned for MySQL-specific SQLi payloads (e.g. INFORMATION_SCHEMA enumeration) will be most effective.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/158510/WordPress-NexosReal-Estate-Theme-1.7-Cross-Site-Scripting-SQL-Injection.html
- https://github.com/vladvector/vladvector.github.io/blob/master/exploit/2020-06-17-nexos-real-estate-wordpress-theme-v1-7.txt
- https://themeforest.net/item/nexos-real-estate-agency-directory/21126242