vpatch-CVE-2023-23489 AppSec Rule

« vpatch-CVE-2023-23489 »
v0.1 by crowdsecurity
AppSec rule

WordPress Easy Digital Downloads plugin SQL injection (CVE-2023-23489)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-23489

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-23489
2description: "WordPress Easy Digital Downloads plugin SQL injection (CVE-2023-23489)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: GET
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      match:
15        type: equals
16        value: /wp-admin/admin-ajax.php
17    - zones:
18      - ARGS
19      variables:
20       - action
21      transform:
22      - lowercase
23      match:
24        type: equals
25        value: "edd_download_search"
26    - zones:
27      - ARGS
28      variables:
29       - s
30      match:
31        type: libinjectionSQL
32labels:
33  type: exploit
34  service: http
35  confidence: 3
36  spoofable: 0
37  behavior: "http:exploit"
38  label: "WordPress Easy Digital Downloads plugin SQL injection"
39  classification:
40   - cve.CVE-2023-23489
41   - attack.T1595
42   - attack.T1190
43   - cwe.CWE-89

Hub Appsec rule

« vpatch-CVE-2023-23489 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2023-23489 »
v0.1 by crowdsecurity
AppSec rule