cbcvebase.
CVE-2020-18662
published 2021-06-24

CVE-2020-18662: SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
5.38%
91.7th percentile
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
sirgnuboard<= 5.3.2.8

Detection & IOCsextracted from sources · hover to see the quote

url/install/install_db.php
commandtable_prefix=12`; select sleep(5)#
commandtable_prefix=' OR 1=1--
  • Monitor POST requests to /install/install_db.php — this installation endpoint should not be publicly accessible post-install and any POST to it is suspicious.
  • Inspect the `table_prefix` POST parameter for SQL injection payloads, including backtick-terminated statements, sleep-based blind SQLi, and OR-based boolean payloads.
  • Detect time-based blind SQL injection attempts by alerting on anomalous response delays (≥5s) correlated with POST requests to install_db.php containing SQL keywords (sleep, select) in the table_prefix parameter.
  • Content-Type: application/x-www-form-urlencoded is used in the exploit; correlate with the target path and suspicious table_prefix values for WAF/IDS rules.
  • ·The vulnerable endpoint install_db.php is part of the installation workflow; if the install directory is removed or access-restricted after setup (as is best practice), the attack surface is eliminated. Verify whether the /install/ directory is still present and accessible on deployed instances.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.