CVE-2020-5766
published 2020-07-13CVE-2020-5766: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a…
PriorityP276high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
6.05%
92.5th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| srs_simple_hits_counter_project | srs_simple_hits_counter | — | — |
| srs_simple_hits_counter_project | srs_simple_hits_counter | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/wp-admin/admin-ajax.php?action=srs_update_counter&post_id=1+and+1=0)+union+select+(select+if(ascii(substring((select+user_pass+from+wp_users+where+user_login=char(97,100,109,105,110)),%d,1))=%d,sleep(6),sleep(0))),1,1,1,1,1;--↗
- →Detect exploitation attempts by monitoring HTTP GET requests to /wp-admin/admin-ajax.php with the query parameter action=srs_update_counter combined with SQL injection payloads in the post_id parameter (e.g., UNION SELECT, sleep(), ascii(), substring()). ↗
- →Time-based blind SQLi detection: flag requests to the srs_update_counter action where the server response duration is >= 6 seconds, indicating a successful sleep() injection. ↗
- →Identify vulnerable WordPress installations by detecting the presence of the plugin path /wp-content/plugins/srs-simple-hits-counter/ in HTTP response bodies. ↗
- →The attack is unauthenticated and targets the AJAX endpoint via HTTP GET — no authentication cookies or nonces are required, making it detectable as anomalous unauthenticated access to admin-ajax.php with SQL-like patterns. ↗
- ·The publicwww-query fingerprint can be used to enumerate potentially vulnerable WordPress sites exposed on the internet, but presence of the plugin path alone does not confirm exploitation. ↗
- ·The vulnerability affects only plugin versions 1.0.3 and 1.0.4; detections should be scoped accordingly to reduce false positives on patched installations. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pmxc-pvr4-wcxp: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1
ghsa_unreviewed·2022-05-24
CVE-2020-5766 [MEDIUM] GHSA-pmxc-pvr4-wcxp: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
VulnCheck
srs_simple_hits_counter_project srs_simple_hits_counter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2020·CVSS 7.5
CVE-2020-5766 [HIGH] srs_simple_hits_counter_project srs_simple_hits_counter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
srs_simple_hits_counter_project srs_simple_hits_counter Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
Affected: srs_simple_hits_counter_project srs_simple_hits_counter
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Nuclei
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
nuclei·CVSS 7.5
CVE-2020-5766 [HIGH] SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
Template:
id: CVE-2020-5766
info:
name: SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection
author: DhiyaneshDk
severity: high
description: |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
impact: |
Unauthenticated attackers can extract database contents via blind SQL injection,
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
Threat Research Center
Trend Reports
Vulnerabilities
## Network Attack Trends: Internet of Threats (November 2020-January 2021)
Lei Xu
Yue Guan
Vaibhav Singhal
Published: April 12, 2021
Malware
Trend Reports
Vulnerabilities
Botnet
DDoS
Exploit kit
IoT
Network security trends
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020 . Several newly observed exploits, including CVE-2020-28188 , CVE-2020-17519 , and CVE-2020-29227 , have emerged and were continuously being exploited in the wild as of late 2020 to earl
2020-07-13
Published
Exploited in the wild