vpatch-CVE-2023-23488 AppSec Rule

« vpatch-CVE-2023-23488 »
v0.2 by crowdsecurity
AppSec rule

Wordpress Paid Memberships Pro Blind SQLi (CVE-2023-23488)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-23488

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-23488
2description: "Wordpress Paid Memberships Pro Blind SQLi (CVE-2023-23488)"
3rules:
4  - and:
5    - zones:
6        - METHOD
7      match:
8        type: equals
9        value: GET
10    - zones:
11        - ARGS
12      variables:
13        - rest_route
14      transform:
15      - lowercase
16      match:
17        type: contains
18        value: /pmpro/v1/order
19    - zones:
20        - ARGS
21      transform:
22        - lowercase
23      variables:
24        - code
25      match:
26        type: libinjectionSQL
27labels:
28  type: exploit
29  service: http
30  confidence: 3
31  spoofable: 0
32  behavior: "http:exploit"
33  label: "Wordpress Paid Memberships Pro Blind SQLi"
34  references:
35    - https://nvd.nist.gov/vuln/detail/CVE-2023-23488
36  classification:
37   - cve.CVE-2023-23488
38   - attack.T1595
39   - attack.T1190
40   - cwe.CWE-89

Hub Appsec rule

« vpatch-CVE-2023-23488 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2023-23488 »
v0.2 by crowdsecurity
AppSec rule