vpatch-CVE-2024-1071 AppSec Rule

« vpatch-CVE-2024-1071 »
v0.2 by crowdsecurity
AppSec rule

WordPress Ultimate Member - SQL Injection (CVE-2024-1071)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-1071

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-1071
2description: "WordPress Ultimate Member - SQL Injection (CVE-2024-1071)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: POST
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      match:
15        type: contains
16        value: /wp-admin/admin-ajax.php
17    - zones:
18      - ARGS
19      variables:
20      - action
21      transform:
22      - lowercase
23      match:
24        type: equals
25        value: um_get_members
26    - zones:
27      - BODY_ARGS
28      variables:
29      - sorting
30      match:
31        type: libinjectionSQL
32
33labels:
34  type: exploit
35  service: http
36  confidence: 3
37  spoofable: 0
38  behavior: "http:exploit"
39  label: "WordPress Ultimate Member - SQL Injection"
40  classification:
41   - cve.CVE-2024-1071
42   - attack.T1595
43   - attack.T1190
44   - cwe.CWE-89

Hub Appsec rule

« vpatch-CVE-2024-1071 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2024-1071 »
v0.2 by crowdsecurity
AppSec rule