SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Wordpress wpdb SQL injection attempt
This event is generated when an attempt of perform an SQL injection to the Wordpress database, is detected Impact: Web Application Attack Details: This SQL injection is triggered when the $wpdb->prepare method, that Wordpress uses to send SQL queries to its database, receives a set of characters that can lead to the creation of unsafe queries and then allow the injection of unwanted data into the database. Ease of Attack: Medium since it requires an authenticated user to trigger the attack
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2017-16510WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723. |
|