CVE-2021-26830
published 2021-04-16CVE-2021-26830: SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID`…
PriorityP265critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EXPLOIT
EPSS
4.57%
90.4th percentile
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tribalsystems | zenario | — | — |
| tribalsystems | zenario | >= 0 < 8.8.53370 | 8.8.53370 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor POST requests to ajax.php targeting the Plugin library delete module with anomalous or SQL-syntax-containing values in the 'id' parameter, indicative of blind SQL injection attempts. ↗
- →The attack requires prior authentication with admin credentials; correlate suspicious SQL injection activity in ajax.php with preceding admin login events. ↗
- →The injection point is the 'id' parameter in the Plugin Library delete request; flag requests where 'id' contains SQL metacharacters or time-delay payloads (blind SQLi pattern). ↗
- ·The NVD entry references version 8.8.52729, while the Exploit-DB PoC targets version 8.8.53370; both versions are confirmed vulnerable, so detections should not be scoped to a single build number. ↗
- ·Exploitation is a blind (time-based/boolean) SQL injection, meaning malicious requests may not return obvious error responses — passive WAF rules relying on error-based signatures may miss this attack. ↗
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-09-02·CVSS 5.5
CVE-2024-24860 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-aws-5.4 vulnerabilities
osv·2024-08-26·CVSS 5.5
CVE-2024-24860 linux-aws-5.4 vulnerabilities
linux-aws-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
linux-azure-5.4 vulnerabilities
osv·2024-08-23·CVSS 5.5
CVE-2024-24860 linux-azure-5.4 vulnerabilities
linux-azure-5.4 vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SuperH RISC architecture;
- MMC subsystem;
- Network drivers;
- SCSI drivers;
- GFS2 file system;
- IPv4 networking;
- IPv6 networking;
- HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)
OSV
SQL Injection in tribalsystems/zenario
osv·2022-03-18
CVE-2021-26830 [CRITICAL] SQL Injection in tribalsystems/zenario
SQL Injection in tribalsystems/zenario
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
GHSA
SQL Injection in tribalsystems/zenario
ghsa·2022-03-18
CVE-2021-26830 [CRITICAL] CWE-89 SQL Injection in tribalsystems/zenario
SQL Injection in tribalsystems/zenario
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
No detection rules found.
No writeups or analysis indexed.
2021-04-16
Published