CVE-2018-6365

9.8 CRITICAL

📋 TL;DR

CVE-2018-6365 is a critical SQL injection vulnerability in TSiteBuilder 1.0 that allows attackers to execute arbitrary SQL commands via the 'id' parameter in multiple PHP files. This affects all users running TSiteBuilder 1.0 without proper input validation. Successful exploitation could lead to complete database compromise.

💻 Affected Systems

Products:
  • TSiteBuilder
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of TSiteBuilder 1.0 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, and potential remote code execution through database functions.

🟠 Likely Case

Database information disclosure, authentication bypass, and data manipulation.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoints are directly accessible via web requests.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available. Exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for all id parameters.

Modify site.php, pagelist.php, and page_new.php to use prepared statements

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns.

Add WAF rules to detect and block SQL injection attempts

🧯 If You Can't Patch

  • Implement network segmentation to isolate TSiteBuilder from critical systems
  • Deploy intrusion detection systems to monitor for SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Test the id parameter in /site.php, /pagelist.php, or /page_new.php with SQL injection payloads like ' OR '1'='1

Check Version:

Check TSiteBuilder configuration files or admin panel for version information

Verify Fix Applied:

Verify that SQL injection payloads no longer work and that the application responds to them with proper error handling

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple failed parameter requests with SQL syntax

Network Indicators:

  • HTTP requests containing SQL keywords to vulnerable endpoints
  • Unusual database query patterns

SIEM Query:

source="web_logs" AND (uri="/site.php" OR uri="/pagelist.php" OR uri="/page_new.php") AND (request CONTAINS "UNION" OR request CONTAINS "SELECT" OR request CONTAINS "OR '1'='1'")
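
The SIEM query above as a standalone log check, added here as an example (not part of the original advisory or of any vendor tooling): it percent-decodes the id value before matching, so encoded and mixed-case requests are matched as well. The combined access-log format, the sample log lines, and the extra quote and comment-marker checks are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory.
ENDPOINTS = {"/site.php", "/pagelist.php", "/page_new.php"}

# Keywords from the advisory's SIEM query, matched as whole words and
# case-insensitively. The quote and comment-marker checks are this example's
# own addition; the quote check also covers the query's OR '1'='1' pattern.
SUSPICIOUS = re.compile(r"\b(?:union|select)\b|['\"]|--|/\*", re.I)

# Assumed log layout: Apache/nginx combined format.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2018:10:00:01 +0000] "GET /site.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Feb/2018:10:00:05 +0000] "GET /pagelist.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120 "-" "curl/7.58"',
    '198.51.100.23 - - [10/Feb/2018:10:00:09 +0000] "GET /page_new.php?id=-1+uNiOn+SeLeCt+1,2,3 HTTP/1.1" 500 310 "-" "curl/7.58"',
    '192.0.2.44 - - [10/Feb/2018:10:01:00 +0000] "GET /index.php?id=1%27 HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
]


def suspicious_requests(lines):
    """Return (client_ip, path, decoded id value) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if url.path.lower() not in ENDPOINTS:
            continue  # only the three endpoints from the advisory
        # parse_qs percent-decodes values, so %27 and '+' are normalised
        # before the pattern check runs.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if SUSPICIOUS.search(value):
                hits.append((ip, url.path, value))
    return hits


if __name__ == "__main__":
    for ip, path, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {path} id={value!r}")
```

POST bodies are not written to access logs, so this only covers id values sent in the query string.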
