CVE-2018-13045

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in Yeswiki Cercopitheque that allows attackers to execute arbitrary SQL commands via the 'id' parameter in the 'Bazar' page. Attackers can potentially read, modify, or delete database content, and in worst cases gain full system control. All users running Yeswiki Cercopitheque version 2018-06-19-1 or earlier are affected.

💻 Affected Systems

Products:
  • Yeswiki Cercopitheque
Versions: 2018-06-19-1 and earlier
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, and potential remote code execution via database functions, resulting in full system takeover.

🟠 Likely Case

Database information disclosure, data manipulation, and potential privilege escalation to administrative access within the application.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection, though the vulnerability still exists in the codebase.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available, making this easily exploitable by attackers with minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2018-06-19-1

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Upgrade Yeswiki Cercopitheque to the latest version.
2. If upgrading is not possible, apply the security patch that implements proper input validation and parameterized queries for the 'id' parameter in the Bazar page.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rule

Platforms: all

Implement WAF rules to block SQL injection patterns in the 'id' parameter.

Input Validation Filter

Platforms: all

Add server-side validation to only accept numeric values for the 'id' parameter.

🧯 If You Can't Patch

  • Implement strict input validation to only allow numeric values for the 'id' parameter
  • Deploy a web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test the Bazar page with SQL injection payloads in the 'id' parameter (e.g., ' OR '1'='1) and observe if database errors or unexpected behavior occurs.

Check Version:

Check the Yeswiki version in the application's admin panel or configuration files

Verify Fix Applied:

After patching, test with the same SQL injection payloads and verify they are properly sanitized or rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts following SQL injection attempts
  • Suspicious 'id' parameter values containing SQL keywords

Network Indicators:

  • HTTP requests with SQL injection patterns in the 'id' parameter
  • Unusual database query patterns from the application server

SIEM Query:

source="web_logs" AND (uri="*/Bazar*" AND (param="id" AND value="*' OR *" OR value="*;--*" OR value="*UNION*"))
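As an added example (not code from the advisory or the Yeswiki project), the logic of the SIEM query above, combined with the numeric-only 'id' check from the workarounds section, applied to constructed access-log lines; the `/Bazar?id=` URL shape and the combined log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Jun/2018:10:01:12 +0000] "GET /Bazar?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Jun/2018:10:01:13 +0000] "GET /Bazar?id=42'%20OR%20'1'='1 HTTP/1.1" 200 9801 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jun/2018:10:02:00 +0000] "GET /Bazar?id=1%20UNION%20SELECT%201 HTTP/1.1" 500 312 "-" "curl/7.58"
198.51.100.7 - - [19/Jun/2018:10:02:05 +0000] "GET /wiki/Home?id=7 HTTP/1.1" 200 2048 "-" "curl/7.58"
"""

# Minimal combined-log-format parser: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The same three patterns as the SIEM query above, applied AFTER URL decoding
# so percent-encoded payloads (%27, %20) are not missed.
SQLI_PATTERNS = {
    "quote_or": re.compile(r"'\s*OR\b", re.IGNORECASE),
    "comment": re.compile(r";\s*--"),
    "union": re.compile(r"\bUNION\b", re.IGNORECASE),
}

def is_valid_id(raw_id):
    """The workaround's server-side rule: 'id' must be a plain decimal integer."""
    return raw_id.isdigit()

def analyze(log_text):
    """Return one finding per non-numeric 'id' sent to a Bazar URL."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m["target"])
        if "/bazar" not in parts.path.lower():
            continue  # only the Bazar page takes the vulnerable parameter
        # parse_qs percent-decodes values and splits on the first '=' only,
        # so a payload containing '=' (e.g. '1'='1) is kept intact.
        for raw_id in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            if is_valid_id(raw_id):
                continue  # a numeric id would pass the hardened input filter
            matched = [name for name, rx in SQLI_PATTERNS.items() if rx.search(raw_id)]
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                             "id": raw_id, "patterns": matched})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

A non-numeric id that matches none of the three patterns is still reported (with an empty pattern list), since the hardened filter would reject it regardless of which injection technique it carries.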
