Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Wordpress wpdb SQL injection attempt

Rule Explanation

This event is generated when an attempt of perform an SQL injection to the Wordpress database, is detected Impact: Web Application Attack Details: This SQL injection is triggered when the $wpdb->prepare method, that Wordpress uses to send SQL queries to its database, receives a set of characters that can lead to the creation of unsafe queries and then allow the injection of unwanted data into the database. Ease of Attack: Medium

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Details
Severity Base Score9.8
Impact Score5.9 Exploit Score3.9
Confidentiality ImpactHIGH Integrity ImpactHIGH
Availability ImpactHIGH Access Vector
Authentication Ease of Access