CVE-2021-25899
published 2021-04-23

Priority: P1 79 high
CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 12.25% (95.7th percentile)

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.

Affected (1 range)

Vendor: void
Product: aurall_rec_monitor
Version range: (none listed)
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

path: /AurallRECMonitor/services/svc-login.php
command: param1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)--+dummy&param2=test
other: shodan:html:"AURALL"
other: fofa:body="aurall"
  • Detect exploitation attempts by monitoring POST requests to /AurallRECMonitor/services/svc-login.php with SQL time-based blind injection payloads in the param1 parameter (e.g., SLEEP function calls).
  • Flag HTTP responses with status 200, Content-Type text/html, and body containing 'Contacte con el administrador' following a POST to svc-login.php with a response duration >= 7 seconds, indicating successful SLEEP-based SQLi trigger.
  • Use Shodan queries html:"AURALL" or http.html:"aurall" to identify exposed Void Aural Rec Monitor instances on the internet.
  • The Nuclei template uses a 15-second HTTP timeout (@timeout: 15s) and a SLEEP(7) payload; tuning the duration threshold may be necessary in high-latency environments to avoid false positives or false negatives.
  • The vulnerability requires no authentication (PR:N), meaning any unauthenticated network request to the endpoint is sufficient to attempt exploitation.
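
The detection notes above, combined into one triage function. This is an added example, not code from the original page, the vendor or the Nuclei template. The event schema (method, path, body, status, content_type, response_body, duration_s) is a hypothetical proxy/WAF log format, the sample events are constructed, and the time functions other than SLEEP are a generalisation beyond what the page names.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/AurallRECMonitor/services/svc-login.php"
ERROR_MARKER = "Contacte con el administrador"
# SLEEP is the function named on the page; the others are added generalisations.
TIME_FUNCS = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)

def classify(event, min_delay=7.0):
    """Return 'none', 'attempt' or 'likely_success' for one logged request."""
    path = event["path"].split("?")[0]
    # Case-insensitive path match is an assumption (covers case-insensitive servers).
    if event["method"] != "POST" or path.lower() != TARGET_PATH.lower():
        return "none"
    # parse_qs decodes '+' and %XX, so encoded payloads are matched too.
    params = parse_qs(event.get("body", ""), keep_blank_values=True)
    if not any(TIME_FUNCS.search(v) for v in params.get("param1", [])):
        return "none"
    # Success heuristic from the page: 200 + text/html + error string + long delay.
    delayed = (event["status"] == 200
               and event.get("content_type", "").startswith("text/html")
               and ERROR_MARKER in event.get("response_body", "")
               and event["duration_s"] >= min_delay)
    return "likely_success" if delayed else "attempt"

def _ev(method, body, status, duration_s, response_body=""):
    return {"method": method, "path": TARGET_PATH, "body": body, "status": status,
            "content_type": "text/html; charset=utf-8",
            "response_body": response_body, "duration_s": duration_s}

PAGE_PAYLOAD = ("param1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)"
                "--+dummy&param2=test")

# Constructed sample events, not real traffic.
SAMPLE_EVENTS = [
    _ev("POST", "param1=alice&param2=secret", 200, 0.2),          # normal login
    _ev("POST", PAGE_PAYLOAD, 200, 7.3, "Error. " + ERROR_MARKER),  # delayed reply
    _ev("POST", "param1=x%27%20AND%20SLEEP%285%29--%20&param2=t", 403, 0.05),
    _ev("POST", PAGE_PAYLOAD, 200, 0.3, "Error. " + ERROR_MARKER),  # no delay
    _ev("GET", "", 200, 0.1),                                     # wrong method
]

if __name__ == "__main__":
    for i, e in enumerate(SAMPLE_EVENTS):
        print(i, classify(e))
```

Raise `min_delay` on high-latency links so that slow but unaffected responses are reported as attempts rather than likely successes.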

CVSS provenance

nvd, v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 7.5 HIGH