CVE-2021-26830
published 2021-04-16

CVE-2021-26830: SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID`…

Priority: P2 65 · Critical 9.1 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploit: public exploit available
EPSS: 4.57% (90.4th percentile)
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Plugin library - delete` module.

Affected

2 ranges

Vendor          Product    Version range         Fixed in
tribalsystems   zenario    (not specified)       (not specified)
tribalsystems   zenario    >= 0, < 8.8.53370     8.8.53370

Detection & IOCs (extracted from sources)

Path: ajax.php
  • Monitor POST requests to ajax.php targeting the Plugin library delete module with anomalous or SQL-syntax-containing values in the 'id' parameter, indicative of blind SQL injection attempts.
  • The attack requires prior authentication with admin credentials; correlate suspicious SQL injection activity in ajax.php with preceding admin login events.
  • The injection point is the 'id' parameter in the Plugin Library delete request; flag requests where 'id' contains SQL metacharacters or time-delay payloads (blind SQLi pattern).
  • The NVD entry references version 8.8.52729, while the Exploit-DB PoC targets version 8.8.53370; both versions are confirmed vulnerable, so detections should not be scoped to a single build number.
  • Exploitation is a blind (time-based/boolean) SQL injection, meaning malicious requests may not return obvious error responses; passive WAF rules relying on error-based signatures may miss this attack.

CVSS provenance

NVD, CVSS v3.1: 9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
NVD, CVSS v2.0: 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:P/A:N)
OSV: 5.5 MEDIUM