CVE-2018-5973

9.8 CRITICAL

📋 TL;DR

Professional Local Directory Script 1.0 passes the IndustryID and CategoryID request parameters of sellers_subcategories.php and suppliers.php into SQL queries without validation or parameterization. An unauthenticated remote attacker can therefore inject arbitrary SQL and read, modify or delete database contents. Every installation running version 1.0 is affected.

💻 Affected Systems

Products:
  • Professional Local Directory Script
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects sellers_subcategories.php and suppliers.php files specifically. Any installation with these files accessible is vulnerable.

📦 What is this software?

Professional Local Directory Script is a PHP web application for publishing a local business directory; the affected pages, sellers_subcategories.php and suppliers.php, list sellers and suppliers filtered by industry and category. Version 1.0 is the release covered by this advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: theft or destruction of all data, and remote code execution if the application's database account has file-write privileges (for example, MySQL FILE permission used to drop a web shell into the document root).

🟠

Likely Case

Unauthorized read access to the database, including user and administrator credential hashes, leading to privilege escalation and administrative account takeover.

🟢

If Mitigated

Limited impact if the ID parameters are validated and the application's database account has only the privileges it needs; injection attempts still appear in web and database logs, which helps detection.

🌐 Internet-Facing: HIGH - Web applications with this vulnerability are directly accessible to attackers worldwide.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available. Attack requires no authentication and minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is known. Either migrate to different software or fix the script yourself: replace string-built SQL in sellers_subcategories.php and suppliers.php with prepared statements (PDO or mysqli) and validate IndustryID and CategoryID as integers before they are used.
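As an added illustration of that fix (this is not the vendor's code; the table and column names, the DSN and the credentials are assumptions standing in for whatever the real script uses), the vulnerable string-building pattern is shown next to a hardened version that validates both IDs as integers and binds them with PDO:

```php
<?php
// Added example, not code from Professional Local Directory Script. The table
// and column names (suppliers, industry_id, category_id), the DSN and the
// credentials are assumptions standing in for whatever the real script uses.

// The vulnerable shape, for contrast: the raw request value becomes part of the
// SQL text, so IndustryID=1 OR 1=1 returns every row and a quote breaks the query.
function vulnerableSql(array $query): string
{
    return "SELECT * FROM suppliers WHERE industry_id = " . $query['IndustryID'];
}

// Step 1: enforce the type the application expects. IDs are positive integers;
// anything else (quotes, keywords, arrays, a missing value) is rejected with a
// 400 before it gets near the database. Unlike is_numeric(), FILTER_VALIDATE_INT
// also rejects "1.5", "1e3" and leading whitespace.
function requireIntParam(array $query, string $name): int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($value === false) {
        http_response_code(400);
        exit('Invalid input');
    }
    return $value;
}

// Step 2: send the values as bound parameters, never as SQL text. Even if the
// validation above were removed, a bound value cannot change the query's shape.
function fetchSuppliers(PDO $pdo, array $query): array
{
    $industryId = requireIntParam($query, 'IndustryID');
    $categoryId = requireIntParam($query, 'CategoryID');

    $stmt = $pdo->prepare(
        'SELECT id, name FROM suppliers WHERE industry_id = :industry AND category_id = :category'
    );
    $stmt->bindValue(':industry', $industryId, PDO::PARAM_INT);
    $stmt->bindValue(':category', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connection setup (assumed DSN and account). Disabling emulation makes MySQL
// prepare the statement server-side instead of the driver quoting values
// client-side; exception mode stops a failed query from silently continuing.
$pdo = new PDO('mysql:host=localhost;dbname=directory;charset=utf8mb4', 'dir_ro', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

header('Content-Type: application/json');
echo json_encode(fetchSuppliers($pdo, $_GET));
```

The validation step alone is the stopgap described under Temporary Workarounds; the binding is what closes the hole. Pair it with a database account (dir_ro above) that can only SELECT from the tables the public pages need, which also removes the file-write path behind the worst-case RCE scenario.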

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Reject any IndustryID or CategoryID value that is not a plain integer before it reaches the query.

Edit sellers_subcategories.php and suppliers.php so each ID parameter is checked first, for example:

if (!isset($_GET['IndustryID']) || !ctype_digit($_GET['IndustryID'])) { die('Invalid input'); }

and the same check for CategoryID. Prefer ctype_digit() or filter_var(..., FILTER_VALIDATE_INT) over is_numeric(), which also accepts "1.5", "1e3" and leading whitespace. This is a stopgap only; the queries themselves still need to be parameterized.

Web Application Firewall

Platform: all

Deploy a WAF with SQL injection rules (such as the OWASP Core Rule Set) in front of the application to block exploitation attempts. Treat it as a stopgap: signature rules can be bypassed with encoding and obfuscation, and they do not fix the underlying query.

🧯 If You Can't Patch

  • Remove sellers_subcategories.php and suppliers.php, or restrict access to them (for example, by IP allow-list or authentication at the web server)
  • Segment the network so the web host can reach only the database it needs, and run the application under a database account with the minimum privileges required (SELECT on the needed tables, no FILE or write privileges), which caps the worst case to data disclosure

🔍 How to Verify

Check if Vulnerable:

Request sellers_subcategories.php?IndustryID=1 and then the same URL with a single quote appended (IndustryID=1'). If the second request returns a database error, a blank page, or otherwise differs from the first, the parameter is reaching the query unsanitized. Repeat for CategoryID on suppliers.php. Only test systems you are authorized to assess.

Check Version:

Check script version in admin panel or configuration files

Verify Fix Applied:

Repeat the same probes after the fix: tampered requests should be rejected with an application error such as "Invalid input" rather than producing a database error or altered content, and the database error log should stay clean.

📡 Detection & Monitoring

Log Indicators:

  • Database error messages (MySQL syntax errors, "You have an error in your SQL syntax") in the PHP or web server error log, especially for requests to sellers_subcategories.php or suppliers.php
  • Unusual queries from the web application's database account (UNION SELECT, information_schema lookups, bulk reads of user tables)
  • Multiple failed login attempts following SQL errors

Network Indicators:

  • HTTP requests to the two affected files whose IndustryID or CategoryID value is anything other than a plain integer: quotes, SQL keywords, or their URL-encoded forms (%27, %20UNION%20)
  • Unusual database port traffic from web server

SIEM Query:

source="web_logs" AND ("UNION" OR "SELECT *" OR "' OR '1'='1")

This keyword query is a starting point only: it misses URL-encoded payloads (%27%20OR%20, %20UNION%20SELECT) unless the log source is decoded first, and it alerts on legitimate content containing those words. A tighter rule for this CVE is to flag any request to sellers_subcategories.php or suppliers.php whose IndustryID or CategoryID value is not all digits after decoding.
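As an added example (the log lines below are constructed, not taken from any real server, and the code is not the page's or the vendor's), the following scan applies the tighter rule a keyword query cannot: the two affected scripts only ever expect integer IDs, so any request whose IndustryID or CategoryID decodes to something other than digits is suspicious regardless of which SQL keywords it contains. The file names are the ones this advisory lists; the log format is Apache combined.

```php
<?php
// Added example, not code from the page or the vendor. Log lines are constructed
// in Apache combined format; client addresses are from documentation ranges.
const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [10/Feb/2018:12:00:01 +0000] "GET /sellers_subcategories.php?IndustryID=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2018:12:00:02 +0000] "GET /sellers_subcategories.php?IndustryID=3%27 HTTP/1.1" 500 812 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2018:12:00:03 +0000] "GET /suppliers.php?CategoryID=1%20UNION%20SELECT%201,2,3,4 HTTP/1.1" 200 6030 "-" "sqlmap/1.2"
198.51.100.7 - - [10/Feb/2018:12:00:04 +0000] "GET /suppliers.php?CategoryID=7 HTTP/1.1" 200 4300 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2018:12:00:05 +0000] "GET /sellers_subcategories.php?IndustryID=3+AND+1%3D2 HTTP/1.1" 200 1102 "-" "Mozilla/5.0"
LOG;

// The affected scripts and the parameters this advisory names for them.
const AFFECTED = [
    '/sellers_subcategories.php' => ['IndustryID', 'CategoryID'],
    '/suppliers.php'             => ['IndustryID', 'CategoryID'],
];

// Pull client IP, method, request target and status out of one combined-format line.
function parseLine(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'method' => $m[2], 'target' => $m[3], 'status' => (int)$m[4]];
}

// Return the reasons a request looks like an injection attempt, or [] if it is clean.
function findings(array $req): array
{
    $url  = parse_url($req['target']);
    $path = $url['path'] ?? '';
    if (!array_key_exists($path, AFFECTED) || empty($url['query'])) {
        return [];
    }
    // parse_str percent-decodes and turns '+' into a space, so %27 and +AND+ are
    // judged on their decoded form, which is what the database would have seen.
    parse_str($url['query'], $params);
    $reasons = [];
    foreach (AFFECTED[$path] as $name) {
        if (!isset($params[$name])) {
            continue;
        }
        if (is_array($params[$name])) {
            $reasons[] = "$name sent as an array";
            continue;
        }
        $value = (string)$params[$name];
        if (!ctype_digit($value)) {
            $reasons[] = "$name is not an integer: $value";
        }
    }
    // A 5xx right after a tampered parameter usually means the quote reached the database.
    if ($reasons && $req['status'] >= 500) {
        $reasons[] = 'server error following tampered parameter';
    }
    return $reasons;
}

// Scan a whole log and collect the suspicious requests.
function scan(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLine($line);
        if ($req === null) {
            continue;
        }
        $why = findings($req);
        if ($why) {
            $hits[] = ['ip' => $req['ip'], 'target' => $req['target'], 'why' => $why];
        }
    }
    return $hits;
}

foreach (scan(SAMPLE_LOG) as $hit) {
    printf("%s %s\n    %s\n", $hit['ip'], $hit['target'], implode('; ', $hit['why']));
}
```

On the sample above the two plain requests (IndustryID=3, CategoryID=7) pass, while the quoted, UNION and boolean probes are all flagged even though only one of them contains a keyword the SIEM query would match. The same logic ports directly to a SIEM as "path in (affected files) AND decoded parameter does not match ^[0-9]+$".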
