From 7a42850c285f53019faedd331352963fcfe05375 Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:33:11 +0200 Subject: [PATCH 1/4] Add vpatch-CVE-2024-8529 rule --- .../crowdsecurity/vpatch-CVE-2024-8529.yaml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 appsec-rules/crowdsecurity/vpatch-CVE-2024-8529.yaml diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-8529.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-8529.yaml new file mode 100644 index 00000000000..0e8f87f7807 --- /dev/null +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-8529.yaml @@ -0,0 +1,34 @@ +## autogenerated on 2026-06-17 10:33:08 +name: crowdsecurity/vpatch-CVE-2024-8529 +description: 'Detects unauthenticated SQL injection in LearnPress via c_fields parameter in /wp-json/learnpress/v1/courses endpoint.' +rules: + - and: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: /wp-json/learnpress/v1/courses + - zones: + - ARGS + variables: + - c_fields + transform: + - lowercase + - urldecode + match: + type: contains + value: '(' + +labels: + type: exploit + service: http + confidence: 3 + spoofable: 0 + behavior: 'http:exploit' + label: 'LearnPress - SQLI' + classification: + - cve.CVE-2024-8529 + - attack.T1190 + - cwe.CWE-89 From 038be9411f6012878ee1467014d4d5c8447b83cf Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:33:13 +0200 Subject: [PATCH 2/4] Add vpatch-CVE-2024-8529 test config --- .appsec-tests/vpatch-CVE-2024-8529/config.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .appsec-tests/vpatch-CVE-2024-8529/config.yaml diff --git a/.appsec-tests/vpatch-CVE-2024-8529/config.yaml b/.appsec-tests/vpatch-CVE-2024-8529/config.yaml new file mode 100644 index 00000000000..dccbb880f91 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-8529/config.yaml @@ -0,0 +1,5 @@ +## autogenerated on 2026-06-17 10:33:08 +appsec-rules: + - ./appsec-rules/crowdsecurity/base-config.yaml + - ./appsec-rules/crowdsecurity/vpatch-CVE-2024-8529.yaml +nuclei_template: CVE-2024-8529.yaml From 8cbe25aaec2ba62cdf2f80d4dc28e93f055dcaf1 Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:33:15 +0200 Subject: [PATCH 3/4] Add CVE-2024-8529.yaml test --- .../vpatch-CVE-2024-8529/CVE-2024-8529.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .appsec-tests/vpatch-CVE-2024-8529/CVE-2024-8529.yaml diff --git a/.appsec-tests/vpatch-CVE-2024-8529/CVE-2024-8529.yaml b/.appsec-tests/vpatch-CVE-2024-8529/CVE-2024-8529.yaml new file mode 100644 index 00000000000..66f0eb802de --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-8529/CVE-2024-8529.yaml @@ -0,0 +1,18 @@ +## autogenerated on 2026-06-17 10:33:08 +id: CVE-2024-8529 +info: + name: CVE-2024-8529 + author: crowdsec + severity: info + description: CVE-2024-8529 testing + tags: appsec-testing +http: + - raw: + - | + GET /wp-json/learnpress/v1/courses?c_fields=(SELECT(0)FROM(SELECT(SLEEP(8)))a)/*test*/ HTTP/1.1 + Host: {{Hostname}} + cookie-reuse: true + matchers: + - type: status + status: + - 403 From 71e3fae6e6c22819490d36056d7d7798f4b8719f Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:33:17 +0200 Subject: [PATCH 4/4] Add vpatch-CVE-2024-8529 rule to vpatch collection --- collections/crowdsecurity/appsec-virtual-patching.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml index c4f95a425d8..e22caf91bb5 100644 --- a/collections/crowdsecurity/appsec-virtual-patching.yaml +++ b/collections/crowdsecurity/appsec-virtual-patching.yaml @@ -20,6 +20,7 @@ appsec-rules: - crowdsecurity/vpatch-CVE-2023-42793 - crowdsecurity/vpatch-CVE-2023-50164 - crowdsecurity/vpatch-CVE-2023-38205 +- crowdsecurity/vpatch-CVE-2024-8529 - crowdsecurity/vpatch-CVE-2023-24489 - crowdsecurity/vpatch-CVE-2026-23744 - crowdsecurity/vpatch-CVE-2021-3129