vpatch-CVE-2024-27956 AppSec Rule

« vpatch-CVE-2024-27956 »
v0.1 by crowdsecurity
AppSec rule

WordPress Automatic Plugin - SQLi (CVE-2024-27956)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-27956

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-27956
3description: "WordPress Automatic Plugin - SQLi (CVE-2024-27956)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: POST
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      match:
16        type: endsWith
17        value: /wp-content/plugins/wp-automatic/inc/csv.php
18    - zones:
19      - BODY_ARGS
20      variables:
21       - auth
22      match:
23        type: contains
24        value: "\x00"
25labels:
26  type: exploit
27  service: http
28  confidence: 3
29  spoofable: 0
30  behavior: "http:exploit"
31  label: "WordPress Automatic Plugin - SQLi"
32  classification:
33   - cve.CVE-2024-27956
34   - attack.T1595
35   - attack.T1190
36   - cwe.CWE-502

Hub Appsec rule

« vpatch-CVE-2024-27956 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-27956 »
v0.1 by crowdsecurity
AppSec rule