HTTP: SQL 'union...select' Command Injection in URL

This signature detects SQL commands within a URL. Because SQL commands are not normally used in HTTP connections, their presence can indicate a SQL injection attack. However, a match can also be a false positive. To reduce false positives, it is strongly recommended that these signatures be used only to inspect traffic from the Internet to your organization's Web servers that use SQL backend databases to generate content, and not to inspect traffic going from your organization to the Internet.

Extended Description

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.

Affected Products

Web-dorado spider_calendar

Short Name
HTTP:SQL:INJ:UNION-SELECT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
'union...select' CVE-2010-1496 CVE-2010-1701 CVE-2010-1876 CVE-2010-4721 CVE-2010-4829 CVE-2010-4830 CVE-2010-4844 CVE-2010-4860 CVE-2010-4872 CVE-2011-0519 CVE-2011-1546 CVE-2012-4178 CVE-2013-3961 CVE-2014-3996 CVE-2014-8596 CVE-2015-2196 CVE-2015-7235 CVE-2017-5154 CVE-2017-5810 CVE-2017-5811 Command Injection SQL URL bid:95410 in
Release Date
09/15/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Web-dorado

CVSS Score

7.5

6.5

7.8
