CVE-2021-3239
Published: 2021-02-15
Priority: P276 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 17.93% (96.8th percentile)
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e-learning_system_project | e-learning_system | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring HTTP GET requests to `lesson.php` (or `caiwl/lesson.php`) containing a UNION SELECT payload with `md5()` in the `id` parameter.
- Successful exploitation can be confirmed by the presence of the MD5 hash `c8c605999f3d8352d7bb792cf3fdb25b` (md5 of 999999999) in the HTTP response body.
- Use Shodan/FOFA queries to identify exposed E-Learning System 1.0 instances as potential targets: `http.title:"E-Learning System"` / `title="E-Learning System"`.
- The exploit requires no authentication: any unauthenticated GET request to the vulnerable endpoint with a UNION-based SQLi payload should be treated as an attack attempt.
- Two path variants exist for the vulnerable endpoint; both should be monitored: one under the `/caiwl/` subdirectory and one at the web root.
- The nuclei template uses `stop-at-first-match: true`, meaning only the first matching path is tested per scan run; detection rules should cover both paths independently.
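The request and response checks described in the list above, as an added detection sketch that is not part of the nuclei template or any vendor rule. It assumes access logs in Apache/Nginx combined format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
MD5_RE = re.compile(r"\bmd5\s*\(", re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)      # inline SQL comments used as spacing
MARKER = "c8c605999f3d8352d7bb792cf3fdb25b"      # md5 of 999999999, as stated on this page

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Feb/2021:10:00:01 +0000] "GET /caiwl/lesson.php?id=1%27%20UNION%20SELECT%20md5(999999999)--%20 HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Feb/2021:10:00:02 +0000] "GET /lesson.php?id=1%27+uNiOn/**/sElEcT+MD5(999999999)%23 HTTP/1.1" 200 498',
    '198.51.100.4 - - [15/Feb/2021:10:00:03 +0000] "GET /lesson.php?id=12 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [15/Feb/2021:10:00:04 +0000] "GET /index.php?q=union+select+md5(1) HTTP/1.1" 200 90',
]

def normalize(value):
    # Undo nested URL-encoding (bounded), then turn /**/ comments into spaces.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return COMMENT_RE.sub(" ", value)

def classify(line):
    """Return 'caiwl' or 'root' for a matching GET on either path variant, else None."""
    m = REQ_RE.search(line)
    if not m or m.group("method") != "GET":
        return None
    url = urlsplit(m.group("target"))
    path = unquote(url.path).lower()
    if not path.endswith("/lesson.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
        value = normalize(raw)
        if UNION_RE.search(value) and MD5_RE.search(value):
            return "caiwl" if path.endswith("/caiwl/lesson.php") else "root"
    return None

def scan(lines):
    # (line number, path variant) for every flagged request; both paths are checked independently.
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

def response_confirms(body):
    # The marker hash in a response body indicates the injected md5() was evaluated.
    return MARKER in body.lower()

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs do not carry response bodies, so `response_confirms` applies only where bodies are captured, for example at a WAF or reverse proxy.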
CVSS provenance
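| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |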
No detection rules found.
Nuclei
E-Learning System 1.0 - SQL Injection
nuclei · CVSS 9.8
CVE-2021-3239 [CRITICAL] E-Learning System 1.0 - SQL Injection
E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell. The exploit requires no authentication.
Template:
```yaml
id: CVE-2021-3239

info:
  name: E-Learning System 1.0 - SQL Injection
  author: xuxeong
  severity: critical
  description: |
    E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication.
  impact: |
    Attackers can execute arbitrary code on the server, leading to full system compromise and remote control.
  remediation: |
    Apply input validation and parameterized queries, update to the l
```
No writeups or analysis indexed.
- https://github.com/TCSWT/E-Learning-System/blob/main/README.md
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-101821
- https://packetstormsecurity.com/files/160966/E-Learning-System-1.0-SQL-Injection-Shell-Upload.html
- https://www.exploit-db.com/exploits/49434
- https://www.sourcecodester.com/php/12808/e-learning-system-using-phpmysqli.html
2021-02-15
Published