CVE-2021-43481
published 2022-04-20

CVE-2021-43481: An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.

Priority: P266
Severity: critical (CVSS 3.1 base score 9.8)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 5.45% (91.7th percentile)

Affected

2 ranges

Vendor             Product     Version range   Fixed in
webtareas_project  webtareas   < 2.4           2.4
webtareas_project  webtareas   (not specified) (not specified)

Detection & IOCs

URL: editapprovalstage.php
Other: $uq (HTTP POST parameter)
  • Monitor HTTP POST requests to editapprovalstage.php for SQL injection payloads in the $uq parameter (e.g., boolean-based blind SQLi patterns such as time delays, conditional responses, or stacked queries).
  • The exploit is authenticated: look for SQLi activity following a successful login session, not just unauthenticated probes.
  • The exploit extracts 'login' and 'password' field values from the database via blind SQLi; alert on repeated POST requests to editapprovalstage.php with incrementally varying $uq values consistent with character-by-character extraction.
  • Exploitation requires prior authentication to the WebTareas application; unauthenticated scanning alone will not trigger this vulnerability.
  • Affected versions are Webtareas 2.4p3 and earlier; confirm the version scope before applying detections to avoid false positives on patched instances.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P