{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/filepress--2.2.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-8133"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["FilePress (\u003c= 2.2.0)"],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["zyx0814"],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-8133, affects zyx0814 FilePress versions up to 2.2.0. The vulnerability resides within the Shares Filelist API, specifically in the \u003ccode\u003edzz/shares/admin.php\u003c/code\u003e file. Attackers can exploit this flaw by manipulating the argument order in requests to this API, leading to the execution of arbitrary SQL queries. Public disclosure of the exploit makes this vulnerability particularly dangerous, as it increases the likelihood of widespread exploitation. A patch, identified as \u003ccode\u003ee20ec58414103f781858f2951d178e19b1736664\u003c/code\u003e, is available to address this issue. This vulnerability allows remote attackers to potentially read, modify, or delete sensitive data stored in the FilePress database.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a FilePress instance running a vulnerable version (\u0026lt;= 2.2.0).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003edzz/shares/admin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes specially crafted parameters designed to manipulate the argument order in the SQL query.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize or validate the input, allowing the malicious SQL code to be injected.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the FilePress database.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive information from the database, such as usernames, passwords, or file metadata.\u003c/li\u003e\n\u003cli\u003eThe attacker may further modify database records to escalate privileges or plant malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to files or system resources, potentially leading to data theft or system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2026-8133) can have significant consequences. Attackers can gain unauthorized access to sensitive data stored in the FilePress database, potentially leading to data breaches and financial losses. Attackers could modify or delete data, disrupt services, or even gain complete control of the affected FilePress instance. Given the public disclosure of the exploit, organizations using FilePress are at an elevated risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch \u003ccode\u003ee20ec58414103f781858f2951d178e19b1736664\u003c/code\u003e provided by zyx0814 to remediate CVE-2026-8133.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect FilePress SQL Injection Attempt via admin.php\u0026rdquo; to your SIEM to identify potential exploitation attempts against the vulnerable \u003ccode\u003edzz/shares/admin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eReview and harden input validation mechanisms in FilePress to prevent future SQL injection vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003edzz/shares/admin.php\u003c/code\u003e endpoint (webserver category).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-05-29T12:00:00Z","date_published":"2024-05-29T12:00:00Z","id":"/briefs/2024-05-filepress-sqli/","summary":"A remote SQL injection vulnerability (CVE-2026-8133) exists in zyx0814 FilePress up to version 2.2.0 via the Shares Filelist API by manipulating the argument order, potentially leading to unauthorized data access or modification.","title":"zyx0814 FilePress SQL Injection Vulnerability (CVE-2026-8133)","url":"https://feed.craftedsignal.io/briefs/2024-05-filepress-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — FilePress (\u003c= 2.2.0)","version":"https://jsonfeed.org/version/1.1"}