CVE-2018-17391

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands via the author parameter in authors_post.php in Super Cms Blog Pro 1.0. This can lead to unauthorized data access, modification, or deletion. Any system running Super Cms Blog Pro 1.0 with the vulnerable component exposed is affected.

💻 Affected Systems

Products:
  • Super Cms Blog Pro
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of Super Cms Blog Pro 1.0.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, and potential remote code execution if database permissions allow.

🟠

Likely Case

Unauthorized access to sensitive data, privilege escalation, and potential website defacement.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions.

🌐 Internet-Facing: HIGH - Web applications with SQL injection vulnerabilities are prime targets for automated attacks.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or access sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available, making this easily exploitable by attackers with minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Consider migrating to a different CMS or implementing the workarounds below.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

all

Modify authors_post.php to use prepared statements with parameterized queries instead of concatenating user input into SQL statements.

Replace vulnerable SQL queries with prepared statements using PDO or MySQLi

Web Application Firewall (WAF)

all

Deploy a WAF to filter malicious SQL injection attempts targeting the author parameter.

Configure WAF rules to block SQL injection patterns in POST/GET parameters

🧯 If You Can't Patch

  • Remove or disable the authors_post.php file if not required
  • Implement strict network segmentation and limit database access to only necessary services

🔍 How to Verify

Check if Vulnerable:

Test the author parameter in authors_post.php with SQL injection payloads like ' OR '1'='1

Check Version:

Check CMS version in configuration files or admin panel

Verify Fix Applied:

Test the same parameter after implementing fixes to ensure SQL injection attempts are blocked or properly handled

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple failed login attempts or unusual parameter values in access logs

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) in the author parameter

SIEM Query:

source="web_server.log" AND ("SQL syntax" OR "author=' OR" OR "author=1' OR")
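
The log and network indicators above can be checked offline against an access log. The following is an added example, not part of the original advisory or the vendor's code: it assumes a common/combined-format access log, the function name and sample lines are constructed for illustration, and it only sees GET query strings because POST bodies are not recorded in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client IP, request target and status from a common/combined log format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Heuristic only: quote/comment metacharacters, SQL keywords, or "OR x =" tautologies.
# A bare quote also flags names such as O'Brien; treat hits as leads for review.
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|sleep|benchmark|information_schema)\b"""
    r"""|\b(?:or|and)\b\s+[\w'"]+\s*=""", re.I)

def suspicious_author_requests(lines):
    """Return (ip, status, decoded_value) for suspicious author= values
    sent to authors_post.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/authors_post.php"):
            continue  # only the script named in the advisory
        for raw in parse_qs(url.query, keep_blank_values=True).get("author", []):
            value = unquote(raw)  # second decode catches double-encoding (%2527)
            if SQLI_RE.search(value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2018:13:55:36 +0000] "GET /authors_post.php?author=john HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2018:13:56:01 +0000] "GET /authors_post.php?author=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211 "-" "curl/7.58.0"',
    '198.51.100.7 - - [10/Oct/2018:13:56:09 +0000] "GET /authors_post.php?author=1+UNION+SELECT+1,2,3 HTTP/1.1" 500 312 "-" "curl/7.58.0"',
    '192.0.2.10 - - [10/Oct/2018:13:57:12 +0000] "GET /index.php?author=1%27 HTTP/1.1" 200 100 "-" "-"',
    '203.0.113.5 - - [10/Oct/2018:13:58:40 +0000] "GET /authors_post.php?author=1%2527 HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_author_requests(SAMPLE_LOG):
        print(f"{ip} status={status} author={value!r}")
```

A 500 status or an unusually large 200 response on a flagged request is worth correlating with SQL error messages in the application log.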
