CVE-2024-32136
published 2024-04-15


Priority: P3 (48) · Severity: high · CVSS 3.1: 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)
EXPLOIT
EPSS: 1.31% (67.0th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.

Affected (1 range)

Vendor: xenioushk
Product: bwl_advanced_faq_manager
Version range: n/a – 2.0.3
Fixed in: (not stated)

Detection & IOCs (extracted from sources)

URL: /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=(select*from(select(sleep(20)))a)&faq_id=all
Path: /wp-admin/edit.php
Command: (select*from(select(sleep(20)))a)
  • Monitor GET requests to /wp-admin/edit.php with the query parameter 'page=bwl-advanced-faq-analytics' containing SQL injection payloads in the 'date_range' parameter, particularly time-based blind injection patterns such as sleep() calls.
  • Alert on HTTP responses delayed by ~20 seconds to /wp-admin/edit.php?page=bwl-advanced-faq-analytics, which is indicative of a successful time-based SQL injection exploitation.
  • Flag requests where the 'date_range' URL parameter contains SQL metacharacters or subquery constructs (e.g., parentheses, SELECT, sleep) rather than expected date format values.
  • Exploitation requires authentication; unauthenticated attackers cannot directly trigger this vulnerability. Detection rules should account for authenticated WordPress sessions when scoping alerts.
  • The vulnerability affects BWL Advanced FAQ Manager versions up to and including 2.0.3. Installations already upgraded to v2.0.4 or later are not affected and can be excluded from detection scope.
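As an added example, not part of this record, the detection rules above applied to constructed web-server access log lines in Python. The combined log format, the authenticated user field, and the expected ISO date shape of 'date_range' are assumptions; only the payload itself is taken from the IOC list.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined format); the second one carries
# the payload quoted in the IOC list above, the others are benign admin traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [15/Apr/2024:10:00:01 +0000] "GET /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=2024-04-01&faq_id=all HTTP/1.1" 200 512
10.0.0.9 - admin [15/Apr/2024:10:00:07 +0000] "GET /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=(select*from(select(sleep(20)))a)&faq_id=all HTTP/1.1" 200 512
10.0.0.7 - editor [15/Apr/2024:10:00:09 +0000] "GET /wp-admin/edit.php?post_type=page HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed legitimate shape of date_range: one ISO date or an ISO date span.
DATE_RANGE_OK = re.compile(r"^\d{4}-\d{2}-\d{2}( ?- ?\d{4}-\d{2}-\d{2})?$")
# SQL metacharacters and keywords that never belong in a date value.
SQL_META = re.compile(r"[()'\";]|\b(select|sleep|benchmark|union)\b", re.IGNORECASE)

def inspect_request(line: str):
    """Return a finding dict for a suspicious analytics-page request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path != "/wp-admin/edit.php":
        return None
    qs = parse_qs(url.query)
    if qs.get("page", [""])[0] != "bwl-advanced-faq-analytics":
        return None
    # parse_qs already decodes once; a second unquote catches double-encoded values.
    value = unquote(qs.get("date_range", [""])[0])
    reasons = []
    if not DATE_RANGE_OK.match(value):
        reasons.append("date_range not in expected date format")
    if SQL_META.search(value):
        reasons.append("SQL metacharacters/keywords in date_range")
    if not reasons:
        return None
    return {"ip": m["ip"], "user": m["user"], "date_range": value, "reasons": reasons}

def scan_log(text: str) -> list:
    """Run inspect_request over every line; one finding per suspicious request."""
    return [f for f in map(inspect_request, text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The user field lets the alert be scoped to authenticated sessions, as the fourth rule asks; the ~20 second response-delay rule needs a request-duration field that the combined format does not carry.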