CVE-2020-20300
published 2020-12-18CVE-2020-20300: SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
PriorityP178critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
8.75%
94.5th percentile
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weiphp | weiphp | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--+ ↗
- →Send a POST request to /public/index.php/home/index/bind_follow/ with parameters publicid=1, is_ajax=1, uid[0]=exp, and uid[1] containing an updatexml-based error-based SQLi payload; a HTTP 500 response containing the partial MD5 hash '52c69e3a57331081823331c4e69d3f2' in the body confirms exploitation. ↗
- →Shodan and FOFA fingerprints for identifying exposed WeiPHP 5.0 instances: search for http.html containing 'WeiPHP5.0', 'weiphp', or 'weiphp5.0'; FOFA body matches 'weiphp' or 'weiphp5.0'. ↗
- →The injection point is the uid parameter passed to the wp_where function; the exp operator combined with updatexml error-based injection is the attack vector via a POST body. ↗
- ·The exploit requires no authentication (PR:N) and targets the bind_follow endpoint with is_ajax=1; the vulnerability is unauthenticated and network-accessible. ↗
- ·The detection signature '52c69e3a57331081823331c4e69d3f2' is the partial MD5 of '999999' as returned in the updatexml error output; this is specific to the PoC payload and may not match if the attacker uses a different value. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gv8v-gq5v-5rpc: SQL injection vulnerability in the wp_where function in WeiPHP 5
ghsa_unreviewed·2022-05-24
CVE-2020-20300 [CRITICAL] CWE-89 GHSA-gv8v-gq5v-5rpc: SQL injection vulnerability in the wp_where function in WeiPHP 5
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
VulnCheck
weiphp weiphp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2020·CVSS 9.8
CVE-2020-20300 [CRITICAL] weiphp weiphp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
weiphp weiphp Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in the wp_where function in WeiPHP 5.0.
Affected: weiphp weiphp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2020-20300; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-28&host_type=src&vulnerability=cve-2020-20300; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-29&host_type=src&vulnerability=cve-2020-20300; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-01-30&host_type=s
No detection rules found.
Nuclei
WeiPHP 5.0 - SQL Injection
nuclei·CVSS 9.8
CVE-2020-20300 [CRITICAL] WeiPHP 5.0 - SQL Injection
WeiPHP 5.0 - SQL Injection
WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2020-20300
info:
name: WeiPHP 5.0 - SQL Injection
author: pikpikcu
severity: critical
description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized acce
2020-12-18
Published
Exploited in the wild