CVE-2021-25899
published 2021-04-23CVE-2021-25899: An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind…
PriorityP179high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
12.25%
95.7th percentile
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| void | aurall_rec_monitor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by monitoring POST requests to /AurallRECMonitor/services/svc-login.php with SQL time-based blind injection payloads in the param1 parameter (e.g., SLEEP function calls). ↗
- →Flag HTTP responses with status 200, Content-Type text/html, and body containing 'Contacte con el administrador' following a POST to svc-login.php with a response duration >= 7 seconds, indicating successful SLEEP-based SQLi trigger. ↗
- →Use Shodan queries html:"AURALL" or http.html:"aurall" to identify exposed Void Aural Rec Monitor instances on the internet. ↗
- ·The Nuclei template uses a 15-second HTTP timeout (@timeout: 15s) and a SLEEP(7) payload; tuning the duration threshold may be necessary in high-latency environments to avoid false positives or false negatives. ↗
- ·The vulnerability requires no authentication (PR:N), meaning any unauthenticated network request to the endpoint is sufficient to attempt exploitation. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3m64-mc9g-274w: An issue was discovered in svc-login
ghsa_unreviewed·2022-05-24
CVE-2021-25899 [HIGH] CWE-89 GHSA-3m64-mc9g-274w: An issue was discovered in svc-login
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
VulnCheck
void aurall_rec_monitor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2021·CVSS 7.5
CVE-2021-25899 [HIGH] void aurall_rec_monitor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
void aurall_rec_monitor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.
Affected: void aurall_rec_monitor
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2021-25899; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=src&vulnerability=cve-2
No detection rules found.
Nuclei
Void Aural Rec Monitor 9.0.0.1 - SQL Injection
nuclei·CVSS 7.5
CVE-2021-25899 [HIGH] Void Aural Rec Monitor 9.0.0.1 - SQL Injection
Void Aural Rec Monitor 9.0.0.1 - SQL Injection
Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2021-25899
info:
name: Void Aural Rec Monitor 9.0.0.1 - SQL Injection
author: edoardottt
severity: high
description: |
Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify dat
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765
2021-04-23
Published
Exploited in the wild