CVE-2024-9186
Published 2024-11-14
Priority: P263 · Severity: high · CVSS 3.1 base score: 8.6
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploit: EPSS 2.24% (80.6th percentile)
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| funnelkit | funnelkit_automations | < 3.3.0 | 3.3.0 |
Detection & IOCs (extracted from sources)
Sigma rule:

```yaml
title: CVE-2024-9186 FunnelKit SQL Injection via bwfan-track-id
id: <UNKNOWN>
status: experimental
description: Detects unauthenticated SQL injection attempts targeting the bwfan-track-id parameter in the FunnelKit/Autonami WordPress plugin before 3.3.0
references:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-9186
tags:
    - cve.2024-9186
logsource:
    category: webserver
detection:
    selection:
        # Matches on the mere presence of the parameter in the query string; pair with
        # the payload indicators listed in the notes below (quotes, UNION, SELECT,
        # sleep/benchmark) to reduce noise from ordinary tracking-link clicks.
        cs-uri-query|contains: 'bwfan-track-id'
    condition: selection
```

Snort rule:

```
alert http any any -> any any (msg:"CVE-2024-9186 FunnelKit bwfan-track-id SQLi"; flow:established,to_server; content:"bwfan-track-id"; http_uri; sid:20249186; rev:1;)
```
- Monitor HTTP requests containing the 'bwfan-track-id' parameter for SQL injection payloads (e.g., quotes, UNION, SELECT, sleep/benchmark functions); the vulnerability is unauthenticated, so no session cookie is required.
- The Nuclei/community template for this CVE checks for HTTP 200 status code responses when probing the vulnerable endpoint; a 200 response to a crafted bwfan-track-id request may indicate a vulnerable and exploitable instance.
- The digest signature present in the detection template can be used to fingerprint the specific Nuclei template file associated with CVE-2024-9186 exploitation tooling.
- The vulnerability affects plugin versions before 3.3.0; instances running 3.3.0 or later are patched and should not be vulnerable.
- Exploitation requires no authentication, meaning any unauthenticated HTTP request carrying a malicious bwfan-track-id value can trigger the SQL injection; perimeter controls blocking unauthenticated POST/GET to this parameter are a viable compensating control.
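To act on the monitoring guidance above (flag bwfan-track-id values that carry the listed payload indicators rather than every tracking click), here is an added Python example that is not from this page or the FunnelKit project; the indicator regex, the Combined Log Format parser and the sample log lines are constructed assumptions.

```python
import re
from typing import List, Tuple
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Payload indicators named in the detection notes (constructed regex, case-insensitive).
SQLI_INDICATORS = re.compile(
    r"""['"]|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(""", re.IGNORECASE
)

# Combined Log Format: client IP, then the request line "<METHOD> <target> HTTP/x.y".
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_track_ids(request_target: str) -> List[str]:
    """Return bwfan-track-id values from a request target that carry SQLi indicators."""
    query = urlsplit(request_target).query
    hits = []
    for value in parse_qs(query, keep_blank_values=True).get("bwfan-track-id", []):
        # parse_qs already decoded once; a second pass exposes double-encoded payloads.
        decoded = unquote_plus(value)
        if SQLI_INDICATORS.search(decoded):
            hits.append(decoded)
    return hits


def scan_access_log(lines) -> List[Tuple[str, List[str]]]:
    """Scan log lines; return (client_ip, matched values) for each suspicious request.
    Only the URI is inspected, so parameters sent in a POST body need body logging."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        hits = suspicious_track_ids(m.group(2))
        if hits:
            findings.append((m.group(1), hits))
    return findings


# Constructed sample: one benign tracking click, two requests with injection indicators.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Nov/2024:10:00:01 +0000] "GET /?bwfan-track-id=a1b2c3 HTTP/1.1" 302 0',
    '198.51.100.7 - - [14/Nov/2024:10:00:02 +0000] "GET /?bwfan-track-id=1%27%20UNION%20SELECT%201-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Nov/2024:10:00:03 +0000] "GET /?bwfan-track-id=1%2529%20AND%20sleep%285%29 HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Nov/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, hits in scan_access_log(SAMPLE_LOG):
        print(ip, hits)
```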
Nuclei
Automation By Autonami < 3.3.0 - SQL Injection
nuclei · CVSS 8.6
CVE-2024-9186 [HIGH] Automation By Autonami < 3.3.0 - SQL Injection

Template fragment (truncated as indexed):

```yaml
Automation By Autonami =7"
    - "status_code == 200"
condition: and
# digest: 4a0a00473045022100b7857e6d8f4c851f08ffd2bee15901aff1ce83d5df37806ea92a30df1334f87902204aafc907ca014887860882d4f8bacfaa9d4309634e5caa42e536e81bffc6c188:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.