CVE-2021-41460
Published 2022-06-28
CVE-2021-41460: ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
Priority P259 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 6.79% (93.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shopex | ecshop | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts targeting ECShop's delete_cart_goods.php via POST requests containing SQL injection payloads using updatexml() error-based injection in the 'id' parameter.
- Look for the string 'c8c605999f3d8352d7bb792cf3fdb25' (partial MD5 of 999999999) in HTTP response bodies as a canary indicating successful SQL injection exploitation.
- Flag POST requests to delete_cart_goods.php with Content-Type: application/x-www-form-urlencoded where the 'id' parameter contains pipe/OR operators combined with updatexml or other SQL error-based functions.
- Use FOFA queries 'product="ECShop"' or 'product="ecshop"' to identify exposed ECShop 4.1.0 instances for proactive scanning.
- The exploit uses a numeric canary value (999999999) whose partial MD5 hash ('c8c605999f3d8352d7bb792cf3fdb25') is matched in the response body. Detection signatures should account for this specific probe value but real attackers may use different numeric inputs, producing different hashes.
- The vulnerability is unauthenticated (PR:N, UI:N per CVSS), meaning no session or login is required to exploit the endpoint, broadening the attacker surface.
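One way to apply the request-side and response-side indicators above to captured HTTP transactions, as an added example that is not part of the original page or of any published rule. The record fields (`method`, `path`, `content_type`, `body`, `response_body`), the finding labels, the `extractvalue` addition and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "delete_cart_goods.php"
CANARY = "c8c605999f3d8352d7bb792cf3fdb25"  # probe-specific string quoted above
# updatexml is named on the page; extractvalue is an assumed addition.
SQL_FUNC = re.compile(r"\b(?:updatexml|extractvalue)\s*\(", re.I)
OR_OP = re.compile(r"\|\||\bor\b", re.I)
FORM = "application/x-www-form-urlencoded"

def classify(rec):
    """Return the findings for one HTTP transaction record (a dict)."""
    findings = []
    path = urlsplit(rec["path"]).path.lower()
    if rec["method"].upper() != "POST" or not path.endswith("/" + ENDPOINT):
        return findings
    if rec.get("content_type", "").lower().startswith(FORM):
        ids = parse_qs(rec.get("body", ""), keep_blank_values=True).get("id", [])
        for raw in ids:
            value = unquote_plus(raw)  # second decode catches double encoding
            if SQL_FUNC.search(value):
                findings.append("id-sql-function+or" if OR_OP.search(value)
                                else "id-sql-function")
    # Response-side check: matches only the known probe value, so treat a
    # miss as "no evidence", never as "not exploited".
    if CANARY in rec.get("response_body", ""):
        findings.append("probe-canary-in-response")
    return findings

def scan(records):
    """Return (index, findings) for every record with at least one finding."""
    hits = [(i, classify(r)) for i, r in enumerate(records)]
    return [(i, f) for i, f in hits if f]

# Constructed sample records; the function arguments are inert placeholders.
SAMPLES = [
    {"method": "POST", "path": "/delete_cart_goods.php", "content_type": FORM,
     "body": "id=42", "response_body": '{"error":0}'},
    {"method": "POST", "path": "/delete_cart_goods.php", "content_type": FORM,
     "body": "id=1%7C%7Cupdatexml(1,PLACEHOLDER,1)",
     "response_body": "error: " + CANARY},
    {"method": "POST", "path": "/shop/delete_cart_goods.php?x=1",
     "content_type": FORM + "; charset=UTF-8",
     "body": "id=1%2520OR%2520UpdateXML%2528PLACEHOLDER%2529", "response_body": ""},
    {"method": "POST", "path": "/search.php", "content_type": FORM,
     "body": "id=1%7C%7Cupdatexml(1,PLACEHOLDER,1)", "response_body": ""},
]
```

Calling `scan(SAMPLES)` flags the second and third records; the request-side finding is the durable signal, since the canary string is tied to one probe value.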
CVSS provenance
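| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |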
No detection rules found.
Nuclei
ECShop 4.1.0 - SQL Injection
nuclei·CVSS 7.5
CVE-2021-41460 [HIGH] ECShop 4.1.0 - SQL Injection
Template:
```yaml
id: CVE-2021-41460

info:
  name: ECShop 4.1.0 - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
  remediation: |
    Apply the latest patch or upgrade to a newer version of ECShop to mitigate the SQL Injection vulnerability (CVE-2021-41460).
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2020-58823
    - https://nvd.nis
```