PatchDay Alert
Daily Digest · 2 min read · 5 CVEs · Issue 29 · By PatchDay Alert

SharePoint deser RCE, OpenShift HAProxy injection, and a WordPress SQLi from 2018

CVE-2026-47294 lets any authenticated SharePoint user run code on your server (CVSS 8.0). CVE-2026-1784 turns OpenShift Route objects into HAProxy config injection (CVSS 8.8). Plus an ancient unauthenticated SQLi in WP AutoSuggest finally gets a CVE.

Patch now: 1 · Within 24h: 2 · This week: 2 · Exploited in the wild: 0

Tags: Microsoft SharePoint · Microsoft Office · Windows · WordPress · WP AutoSuggest · Linux · FlexRIC · O-RAN · Red Hat OpenShift · HAProxy · Cloud

Nothing's on fire, but two of today's five deserve your attention before lunch. A SharePoint deserialization bug (CVE-2026-47294, CVSS 8.0) lets any authenticated user run code on your server, and an OpenShift Route validation failure (CVE-2026-1784, CVSS 8.8) lets attackers inject arbitrary HAProxy config into your ingress router. Neither is exploited in the wild yet, so you've got a window to patch cleanly.


Today's CVEs

Sorted by urgency

02 · CVE-2018-25434 · NVD · CVSS 8.2 (HIGH) · Patch now

Tags: WordPress · WP AutoSuggest · Linux · Windows

WP AutoSuggest 0.24 has an unauthenticated SQL injection bug in its autosuggest.php file. An attacker can send a crafted GET request with a malicious wpas_keys parameter and pull data straight out of your WordPress database, including posts, user tables, and anything else stored there. No login required.

Included because
unauthenticated; internet-facing; SQL injection; no patch available from maintainer
Affected estate
Any WordPress installation with the WP AutoSuggest plugin version 0.24 installed and active.
How to check
Look for wp-content/plugins/wp-autosuggest/ on disk, or with WP-CLI: wp plugin list --status=active | grep -i autosuggest
Action
Deactivate and delete the plugin. Then review web server access logs for requests to autosuggest.php carrying a wpas_keys parameter, and check the wp_users table (and database query logs, if you keep them) for unauthorized access or newly created administrator accounts.
Urgency
Act immediately: no fixed version exists, so removing the plugin is the fix
Why it matters
Unauthenticated SQL injection against an internet-facing endpoint means anyone can dump your entire WordPress database, including user password hashes and private content.
Source
NVD
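The check above only tells you whether the plugin is present. The following is an added example for this digest (our code, not the plugin's or NVD's) that goes one step further and reviews web server access logs for requests to autosuggest.php whose wpas_keys value looks like an injection attempt. The log lines are constructed, the plugin path follows the directory named above, and the marker list is a review heuristic, not a definitive signature.

```python
"""Flag requests that look like SQL-injection attempts against WP AutoSuggest's
autosuggest.php?wpas_keys=... endpoint (CVE-2018-25434).

Added example for this digest, not code from the plugin or from NVD. The log
lines below are constructed, in combined-log layout; the "suspicious" markers
are an assumption about what an injection attempt looks like, tuned for
review rather than blocking.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined log format: client, ident, user, [time], "METHOD TARGET PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Markers a plain autosuggest search term has no reason to contain (heuristic).
SQLI_MARKERS = re.compile(
    r"""['"`]|--|/\*|#|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\bor\b\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def wpas_keys_values(target):
    """Return every decoded wpas_keys value in the request target, or [] if the
    request is not for autosuggest.php."""
    parts = urlsplit(target)
    if not parts.path.endswith("/autosuggest.php"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("wpas_keys", [])
    # parse_qs percent-decodes once; decode again to catch double-encoded payloads
    return [unquote_plus(v) for v in values]


def classify(line):
    """Return (verdict, client, value) for one log line, or None for unrelated
    requests. verdict is 'suspicious' or 'benign'."""
    rec = parse_line(line)
    if rec is None:
        return None
    vals = wpas_keys_values(rec["target"])
    if not vals:
        return None
    for v in vals:
        if SQLI_MARKERS.search(v):
            return ("suspicious", rec["client"], v)
    return ("benign", rec["client"], vals[0])


def scan(lines):
    """Return suspicious hits as (client, decoded wpas_keys value) tuples."""
    hits = []
    for line in lines:
        res = classify(line)
        if res and res[0] == "suspicious":
            hits.append((res[1], res[2]))
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2026:08:14:02 +0000] "GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_keys=laptop HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/May/2026:08:15:40 +0000] "GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_keys=a%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users--%20- HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '198.51.100.23 - - [12/May/2026:08:15:41 +0000] "GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_keys=a%2527%2520OR%25201%253D1 HTTP/1.1" 200 1024 "-" "python-requests/2.31"',
    '203.0.113.9 - - [12/May/2026:08:16:00 +0000] "GET /index.php?s=laptop HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: {value!r}")
```

Run it over your real access log (one line per element of the list) and treat any hit from before the plugin was removed as a reason to rotate credentials, since the page's point is that a successful request returns database contents directly.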


03 · CVE-2026-37227 · NVD · CVSS 7.5 (HIGH) · Patch this week

Tags: FlexRIC · O-RAN · Linux

FlexRIC v2.0.0's near-RT RIC process crashes when it receives certain valid but unimplemented E2AP message types. The message passes the whitelist check, but the handler calls assert(0) unconditionally, killing the process with SIGABRT. A remote unauthenticated attacker can take down the RIC by sending a single crafted E2AP PDU to port 36421.

Included because
unauthenticated; remote crash; denial of service; CVSS 7.5
Affected estate
FlexRIC v2.0.0 near-RT RIC instances listening on port 36421.
How to check
Confirm the FlexRIC version from source or package metadata, and check whether the E2AP listener on port 36421 is reachable from untrusted networks using netstat or ss. E2AP is carried over SCTP, so include SCTP sockets in the listing (ss -S) rather than looking only at TCP.
Action
Apply firewall rules that restrict SCTP port 36421 to the IP addresses of known E2 nodes. Upgrade FlexRIC when a patched release is published.
Urgency
Patch this week
Why it matters
A single unauthenticated packet can crash your RIC process, disrupting near-real-time radio resource management.
Source
NVD


04 · CVE-2026-37222 · NVD · CVSS 7.5 (HIGH) · Patch this week

Tags: FlexRIC · O-RAN · Linux

FlexRIC v2.0.0 crashes when it receives an E2AP message with more Information Elements than it expects. The code uses hardcoded assertions on exact IE counts instead of checking valid ranges, so a legitimate-looking PDU with extra optional fields triggers SIGABRT. This affects both the near-RT RIC (port 36421) and iApp (port 36422), and requires no authentication.

Included because
unauthenticated; remote crash; denial of service; two affected components; CVSS 7.5
Affected estate
FlexRIC v2.0.0 near-RT RIC (port 36421) and iApp (port 36422) processes.
How to check
Verify FlexRIC version and check whether ports 36421 and 36422 accept connections from untrusted sources.
Action
Firewall SCTP ports 36421 and 36422 to permit only known, trusted peers. Monitor for unexpected SIGABRT crashes of the RIC and iApp processes; under systemd these show up as "Main process exited, code=killed, status=6/ABRT" in the journal.
Urgency
Patch this week
Why it matters
Unauthenticated remote crash of both the RIC and iApp processes can disrupt real-time radio network control functions.
Source
NVD
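Both FlexRIC entries (CVE-2026-37227 and CVE-2026-37222) reduce to the same two operational questions: is an E2AP listener on 36421 or 36422 reachable beyond loopback, and has the process been dying on an assert? The block below is an added example for this digest, not FlexRIC project code. It parses ss -lnp style listener rows and systemd journal lines (both samples are constructed) and renders nftables allowlist rules. It assumes E2AP is carried over SCTP as in the O-RAN E2 interface, that an inet filter table with an input chain already exists, and uses placeholder unit names (flexric-*.service) that you should replace with your own.

```python
"""Two checks for the FlexRIC v2.0.0 E2AP crash bugs (CVE-2026-37227,
CVE-2026-37222): (1) which near-RT RIC / iApp listeners (36421, 36422) are
reachable beyond loopback, and (2) whether a unit has been dying with SIGABRT,
which is how the unconditional asserts surface.

Added example for this digest, not FlexRIC code. Inputs are text you capture
yourself: `ss -lnp`-style listener rows and systemd journal lines. Both samples
below are constructed. Assumptions: E2AP runs over SCTP (O-RAN E2 interface),
an nftables table 'inet filter' with chain 'input' exists, and the unit names
are placeholders.
"""
import ipaddress
import re

WATCHED_PORTS = {36421: "near-RT RIC (E2AP)", 36422: "iApp"}


def _split_addr_port(field):
    """'0.0.0.0:36421' -> ('0.0.0.0', 36421); '[::]:36421' -> ('::', 36421)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def is_exposed(host):
    """True if a bind address accepts traffic from somewhere other than loopback."""
    if host in ("*", ""):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # unrecognised form: surface it so a human looks
    return addr.is_unspecified or not addr.is_loopback


def exposed_listeners(ss_lines):
    """Return [(port, role, netid, bind_host)] for watched ports bound beyond loopback.
    Expects `ss -lnp`-style rows: Netid State Recv-Q Send-Q Local:Port Peer:Port ..."""
    found = []
    for line in ss_lines:
        cols = line.split()
        if len(cols) < 5 or cols[1] != "LISTEN":
            continue
        host, port = _split_addr_port(cols[4])
        if port in WATCHED_PORTS and is_exposed(host):
            found.append((port, WATCHED_PORTS[port], cols[0], host))
    return found


# systemd reports an abort()ed main process as 'code=killed, status=6/ABRT'.
ABRT_RE = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+?\.service): Main process exited, code=killed, status=6/ABRT"
)


def abrt_events(journal_lines, unit_prefix="flexric"):
    """Return the unit name for each SIGABRT exit, filtered by unit-name prefix."""
    return [
        m.group("unit")
        for m in (ABRT_RE.search(line) for line in journal_lines)
        if m and m.group("unit").startswith(unit_prefix)
    ]


def allowlist_rules(trusted_peers, ports=WATCHED_PORTS):
    """Render nftables rules admitting only trusted E2 nodes on the watched SCTP ports."""
    lines = []
    for port in sorted(ports):
        for peer in trusted_peers:
            lines.append(f"add rule inet filter input ip saddr {peer} sctp dport {port} accept")
        lines.append(f"add rule inet filter input sctp dport {port} drop")
    return lines


# Constructed samples (not captured from a real host).
SAMPLE_SS = [
    "Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process",
    'tcp   LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("xapp-ui",pid=1201,fd=5))',
    'sctp  LISTEN 0      128    0.0.0.0:36421      0.0.0.0:*         users:(("nearRT-RIC",pid=1187,fd=9))',
    'tcp   LISTEN 0      128    127.0.0.1:36422    0.0.0.0:*         users:(("iApp",pid=1190,fd=7))',
    'sctp  LISTEN 0      128    [::]:36422         [::]:*            users:(("iApp",pid=1190,fd=8))',
]
SAMPLE_JOURNAL = [
    "May 12 08:20:11 ric01 systemd[1]: flexric-nearrt-ric.service: Main process exited, code=killed, status=6/ABRT",
    "May 12 08:20:11 ric01 systemd[1]: flexric-nearrt-ric.service: Failed with result 'signal'.",
    "May 12 08:20:12 ric01 systemd[1]: flexric-nearrt-ric.service: Scheduled restart job, restart counter is at 3.",
    "May 12 08:21:05 ric01 systemd[1]: flexric-iapp.service: Main process exited, code=killed, status=6/ABRT",
    "May 12 08:25:00 ric01 systemd[1]: other.service: Main process exited, code=exited, status=1/FAILURE",
]

if __name__ == "__main__":
    for port, role, netid, host in exposed_listeners(SAMPLE_SS):
        print(f"EXPOSED {role} ({netid}) bound to {host}:{port}")
    for unit in abrt_events(SAMPLE_JOURNAL):
        print(f"SIGABRT in {unit}")
    print("\n".join(allowlist_rules(["192.0.2.10", "192.0.2.11"])))
```

A restart counter climbing alongside repeated status=6/ABRT lines is the signature to alert on: the service keeps coming back, so a single crash is easy to miss, but an attacker only needs to send one PDU per restart.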


05 · CVE-2026-1784 · NVD · CVSS 8.8 (HIGH) · Patch within 24h

Tags: Red Hat OpenShift · HAProxy · Linux · Cloud

OpenShift's Route resource doesn't properly validate the spec.path field, letting an attacker inject arbitrary HAProxy configuration. If someone can create or modify Route objects in your cluster, they can tamper with the router's behavior, potentially intercepting or redirecting traffic for other routes. This is a high-impact bug because HAProxy config injection can affect all traffic flowing through the ingress router.

Included because
config injection; affects shared ingress infrastructure; CVSS 8.8; common enterprise platform
Affected estate
OpenShift Container Platform clusters using the default HAProxy-based ingress router. Any namespace where users can create Route objects is a potential attack surface.
How to check
Run: oc get routes --all-namespaces -o json | jq -r '.items[] | [.metadata.namespace, .metadata.name, .spec.path] | @tsv' and look for path values that are anything other than a plain URL path: line breaks, whitespace, quotes, or tokens that read like HAProxy directives. Check your OCP version with: oc version.
Action
Update OpenShift Container Platform to the release named as fixed in the Red Hat advisory. Audit who can create or modify Route resources (oc adm policy who-can create routes --all-namespaces, and the same for update) and tighten RBAC so only trusted users hold those permissions.
Urgency
Patch within 24 hours
Why it matters
HAProxy config injection on the ingress router could let an attacker intercept, redirect, or disrupt traffic across your entire cluster.
Source
Red Hat Security Advisory
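To turn the jq one-liner into something that reports namespace and name and applies a consistent notion of "suspicious", here is an added example (our code, not Red Hat's or OpenShift's) that audits the JSON produced by oc get routes --all-namespaces -o json. The route list it runs on is constructed, and what counts as a clean path is an assumption stated in the code: a single URL path starting with "/" made of URL path characters, with anything else reported for human review.

```python
"""Audit OpenShift Route objects for spec.path values that could carry HAProxy
configuration injection (CVE-2026-1784). Feed it the output of
`oc get routes --all-namespaces -o json`.

Added example for this digest, not Red Hat or OpenShift code. The sample
document is constructed. The definition of a 'clean' path is an assumption:
'/' followed by URL path characters only. Whitespace, control characters,
quotes, comment markers or HAProxy-looking keywords are reported for review;
this is triage while you patch, not a substitute for the fixed release.
"""
import json
import re

# Acceptable route path (assumption): '/' then unreserved/sub-delim URL path characters.
CLEAN_PATH = re.compile(r"^/[A-Za-z0-9._~!$&'()*+,;=:@%/-]*$")
# Tokens that belong in haproxy.config, not in a URL path (heuristic list, assumption).
HAPROXY_TOKENS = re.compile(
    r"\b(acl|use_backend|backend|frontend|listen|default_backend|http-request|http-response|server|redirect)\b",
    re.IGNORECASE,
)


def path_findings(path):
    """Return the reasons a path is suspicious; an empty list means it looks clean.
    A missing path (None) is the normal 'whole host' route and is not a finding."""
    reasons = []
    if path is None:
        return reasons
    if any(ord(ch) < 32 for ch in path):
        reasons.append("control character or line break")
    if " " in path:
        reasons.append("whitespace")
    if any(ch in path for ch in "\"'#"):
        reasons.append("quote or comment character")
    if HAPROXY_TOKENS.search(path):
        reasons.append("HAProxy keyword")
    if not reasons and not CLEAN_PATH.match(path):
        reasons.append("non-path characters")
    return reasons


def audit_routes(route_list_json):
    """Return [(namespace, name, path, reasons)] for every Route with a suspicious spec.path."""
    doc = json.loads(route_list_json)
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        path = item.get("spec", {}).get("path")
        reasons = path_findings(path)
        if reasons:
            findings.append((meta.get("namespace"), meta.get("name"), path, reasons))
    return findings


# Constructed sample shaped like `oc get routes -A -o json` (not from a real cluster).
SAMPLE_ROUTES = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"metadata": {"namespace": "shop", "name": "api"},
         "spec": {"host": "api.example.test", "path": "/v1/orders",
                  "to": {"kind": "Service", "name": "api"}}},
        {"metadata": {"namespace": "shop", "name": "web"},
         "spec": {"host": "www.example.test",
                  "to": {"kind": "Service", "name": "web"}}},
        {"metadata": {"namespace": "sandbox", "name": "evil"},
         "spec": {"host": "www.example.test",
                  "path": "/x\n  use_backend be_sandbox:evil if { path_beg /login }",
                  "to": {"kind": "Service", "name": "evil"}}},
        {"metadata": {"namespace": "sandbox", "name": "odd"},
         "spec": {"host": "odd.example.test", "path": "/a b",
                  "to": {"kind": "Service", "name": "odd"}}},
    ],
})

if __name__ == "__main__":
    for ns, name, path, reasons in audit_routes(SAMPLE_ROUTES):
        print(f"{ns}/{name}: {path!r}: {', '.join(reasons)}")
```

Pipe the real cluster JSON in (for example by reading it from stdin and passing the string to audit_routes) and review every finding with the owning namespace; a Route whose path contains a line break is the one to delete first, because that is the shape a config-injection attempt must take to start a new HAProxy directive.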


