CVE-2024-43144
Published: 2024-08-29

CVE-2024-43144: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.

Priority: P2 (67) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit
EPSS: 2.00% (78.3rd percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection. This issue affects Cost Calculator Builder: from n/a through 3.2.15.

Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemixthemes | cost_calculator_builder | < 3.2.16 | 3.2.16 |
| stylemixthemes | cost_calculator_builder | n/a – 3.2.15 | — |
Detection & IOCs (extracted from sources)
- Detect SQL injection attempts targeting the Cost Calculator Builder WordPress plugin (versions up to and including 3.2.15) by monitoring for unsanitized SQL special characters (e.g., single quotes, comparison operators) in plugin-related HTTP requests.
- The nuclei-style rule signature references a payload pattern 'Cost Calculator Builder =8\'' suggesting SQL injection probe strings with comparison operators and quote characters should be flagged in WAF/IDS rules for this plugin's endpoints.
- The vulnerability affects all versions of Cost Calculator Builder from the beginning (n/a) through 3.2.15; no lower bound version is specified, so all installations should be treated as affected until patched.
No detection rules found.
Nuclei
Cost Calculator Builder <= 3.2.15 - SQL Injection
nuclei · CVSS 9.8
CVE-2024-43144 [CRITICAL] Cost Calculator Builder <= 3.2.15 - SQL Injection
Cost Calculator Builder =8'
condition: and
# digest: 4a0a00473045022100e23e3bceafa4ea6a5572f82c5730157ae53bdeebb3111dbe9baf6f6ecb79656502204cd2ba011e8ad3aba119c1252c871d54201880dda2c57d93de06f53b914c6bc6:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.