Trustwave SpiderLabsĀ® is pleased to announce the release of CorSigs version 4.53 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.
Release Summary
This release includes an out of date rules cleanup and the following new signatures inclusion:
- Joomla! Component BT Media 1.0 SQLi
The BT Media 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Guru Pro SQLi
The Guru Pro component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component PayPlans 3.3.6 SQLi
The PayPlans 3.3.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component com_publisher SQLi
The publisher component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component CCNewsLetter 2.1.9 SQLi
The CCNewsLetter 2.1.9 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Event Registration Pro Calendar 4.1.3 SQLi
The Event Registration Pro Calendar 4.1.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component LMS King Professional 3.2.4.0 SQLi
The LMS King Professional 3.2.4.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component PHP-Bridge 1.2.3 SQLi
The PHP-Bridge 1.2.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component SIMGenealogy 2.1.5 SQLi
The SIMGenealogy 2.1.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Ultimate Property Listing 1.0.2 SQLi
The Ultimate Property Listing 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- GitHub Enterprise 2.8.7 RCE SSRF
GitHub Enterprise below 2.8.7 allows an attacker attacker with network access via HTTP to compromise vulnerable component, resulting with possible server takeover.
- Easy Web Search 4.0 SQLi
Easy Web Search 4.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- FTP Made Easy PRO 1.2 SQLi
FTP Made Easy PRO 1.2 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Quiz Deluxe 3.7.4 SQLi
The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component OSDownloads 1.7.4 SQLi
The OSDownloads 1.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Photo Contest 1.0.2 SQLi
The Photo Contest 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Price Alert 3.0.2 SQLi
The Price Alert 3.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Quiz Deluxe 3.7.4 SQLi
The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Responsive Portfolio 1.6.1 SQLi
The Responsive Portfolio 1.6.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Survey Force Deluxe 3.2.4 SQLi
The Survey Force Deluxe 3.2.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Zap Calendar Lite 4.3.4 SQLi
The Zap Calendar Lite 4.3.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Multi Level Marketing service_detail.php SQLi
The Service Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Multi Level Marketing SQLi news_detail
The News Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Multi Level Marketing event_detail.php SQLi
The Event Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- PHP Dashboards 4.4 SQLi
PHP Dashboards 4.4 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-6089: phpCollab deletetopics.php 2.5.1 SQLi
The deletetopics plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-6089: phpCollab 2.5.1 SQLi
The deletebookmarks plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15965: Joomla! Component NS Download Shop 2.2.6 SQLi
The NS Download Shop 2.2.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component Sponsor Wall 8.0 SQLi
The Sponsor Wall 8.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15966: Joomla! Component Zh YandexMap 6.1.1.0 SQLi
The Zh YandexMap 6.1.1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15970: PHP CityPortal 2.0 SQLi
PHP CityPortal 2.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15081: PHP Melody 2.6.1 SQLi
PHP Melody 2.6.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15968: MyBuilder Clone 1.0 SQLi
MyBuilder Clone 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15961: iProject Management System 1.0 SQLi
iProject Management System 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-15958: D-Park Pro 1.0 SQLi
D-Park Pro Domain Parking Script 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Oracle People Soft RCE
Oracle People Soft allows an unauthenticated attacker to compromise vulnerable component that leads to remote code execution
- CVE-2017-14960: EMC xPression 4.5SP1 Patch 13 xDashboard SQLi
EMC xDashboard below v4.5SP1 Patch 13 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2017-17875: Joomla! Component JEXTN FAQ Pro 4.0.0 SQLi
The JEXTN FAQ Pro 4.0.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- Joomla! Component User Bench 1.0 SQLi
The User Bench 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2018-5211: PHP Melody 2.7.1 SQLi
PHP Melody 2.7.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- WordPress Plugin Admin Menu Tree Page View 2.6.9 XSS
The Admin Menu Tree Page View 2.6.9 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
- WordPress Plugin CMS Tree Page View 1.4 XSS
The CMS Tree Page View 1.4 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
- CVE-2018-5315: WordPress Plugin Events Calendar SQLi
The Events Calendar 1.0 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- CVE-2018-3811: WordPress Plugin Smart Google Code Inserter 3.5 SQLi
The Smart Google Code Inserter 3.5 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
- WordPress Plugin Social Media Widget by Acurax 3.2.5 XSS
The Social Media Widget by Acurax 3.2.5 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
- vBulletin routestring Unauthenticated RCE
vBulletin version 5 allows a remote attacker to include unauthenticated file that leads to remote code execution
How to Update
No action is required by customers running versions 8.5 or 9.0 of Trustwave WAF who subscribe to the online update feature. Their deployments will update automatically.
Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default to allow site managers to inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for this rule, you must update the Actions for this signature in the Policy Manager.