CVE-2021-45793
Published 2022-03-17

CVE-2021-45793: Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
Priority: P2 · 58 · CVSS 3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: EXPLOIT
EPSS: 4.64% (90.6th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| slims | senayan_library_management_system | — | — |
Detection & IOCs (extracted from sources)
Command (PoC POST body): comment=%27and%2F**%2F1%3D%28updatexml%281%2Cconcat%280x3a%2Cmd5%28{{num}}%29%29%2C1%29%29%2F**%2Fand%2F**%2F%271%27%3D%271&SaveComment=Save+comment
Decoded 'comment' value: 'and/**/1=(updatexml(1,concat(0x3a,md5({{num}})),1))/**/and/**/'1'='1 ({{num}} is the nuclei variable whose MD5 forms the response canary)
- Detect exploitation attempts by monitoring POST requests to /index.php?p=show_detail whose 'comment' parameter carries SQL injection payloads, specifically the updatexml() and md5() error-based pattern.
- Match the partial MD5 canary 'c8c605999f3d8352d7bb792cf3fd' in HTTP response bodies as confirmation of successful exploitation; it is the leading part of md5(999999999), the value the PoC injects.
- Flag URL-encoded SQL injection in the 'comment' POST parameter targeting lib/comment.inc.php, particularly the sequence %27and%2F**%2F (decoded: 'and/**/), which is characteristic of comment-obfuscated SQL injection.
- Monitor for the multi-step flow GET /index.php?p=member (CSRF token harvest) → POST login → GET /index.php?p=show_detail → POST comment injection; this sequence indicates automated exploitation of CVE-2021-45793.
- The vulnerability is specific to Slims9 Bulian 9.4.2; the affected file is lib/comment.inc.php, and the injection is triggered via the 'comment' POST parameter on the show_detail page.
- Exploitation requires authentication: the PoC logs in before posting the comment, so an attacker first needs valid member credentials. Note that the NVD CVSS vector below scores PR:N, which does not reflect this login step; weigh both when prioritising.
- The exploit extracts CSRF tokens from the login and show_detail pages before submitting the payload; detection rules must account for this multi-step, session-bound flow.
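The detection guidance above, turned into runnable logic as an added example (this is not code from the page, from SLiMS, or from the nuclei project). It URL-decodes the 'comment' POST field, matches the error-based updatexml()/md5() pattern, confirms exploitation from the canary in the response, and correlates the four-step session flow. The log record layout, the session field and the member login form fields are hypothetical; the sample log is constructed.

```python
import hashlib
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Partial md5(999999999) that the nuclei matcher looks for in response bodies (from the page).
CANARY_PREFIX = "c8c605999f3d8352d7bb792cf3fd"

# The page's PoC POST body with nuclei's {{num}} substituted by 999999999 (the number the canary is md5 of).
PAYLOAD_BODY = (
    "comment=%27and%2F**%2F1%3D%28updatexml%281%2Cconcat%280x3a%2Cmd5%28999999999%29%29%2C1%29%29"
    "%2F**%2Fand%2F**%2F%271%27%3D%271&SaveComment=Save+comment"
)

# Markers of the error-based, comment-obfuscated technique, matched on the DECODED comment value:
# a quote break followed by AND, an XML error function, MySQL inline-comment whitespace, and md5().
QUOTE_BREAK_RE = re.compile(r"'\s*(?:/\*.*?\*/\s*)*and\b", re.I)
ERROR_FUNC_RE = re.compile(r"\b(?:updatexml|extractvalue)\s*\(", re.I)
COMMENT_WS_RE = re.compile(r"/\*\*/")
MD5_RE = re.compile(r"\bmd5\s*\(", re.I)

# Documented exploitation flow, in order.
FLOW = ("member_page", "login", "show_detail", "comment_injection")


def md5_canary(num: int) -> str:
    """md5 of the number written as text, which is what MySQL md5(999999999) hashes."""
    return hashlib.md5(str(num).encode()).hexdigest()


def decode_comment(post_body: str) -> str:
    """URL-decode a form-encoded body and return its 'comment' field ('' if absent)."""
    return parse_qs(post_body, keep_blank_values=True).get("comment", [""])[0]


def is_injection_attempt(post_body: str) -> bool:
    """True when 'comment' carries an error-based SQLi payload: quote break plus updatexml/extractvalue,
    or inline-comment whitespace combined with md5()."""
    comment = decode_comment(post_body)
    if not comment:
        return False
    if QUOTE_BREAK_RE.search(comment) and ERROR_FUNC_RE.search(comment):
        return True
    return bool(COMMENT_WS_RE.search(comment) and MD5_RE.search(comment))


def response_confirms_exploitation(response_excerpt: str) -> bool:
    """True when the response leaked the canary, i.e. the database evaluated the injected expression."""
    return CANARY_PREFIX in response_excerpt.lower()


def classify(event: dict) -> Optional[str]:
    """Map one logged request to a step of the documented exploitation flow, or None."""
    parts = urlsplit(event["url"])
    if not parts.path.endswith("index.php"):
        return None
    page = parse_qs(parts.query).get("p", [""])[0]
    method = event["method"]
    if method == "GET" and page == "member":
        return "member_page"
    if method == "POST" and page == "member":
        return "login"  # assumption: the member login form posts back to p=member
    if method == "GET" and page == "show_detail":
        return "show_detail"
    if method == "POST" and page == "show_detail" and is_injection_attempt(event.get("body", "")):
        return "comment_injection"
    return None


def exploitation_flow_seen(events: list) -> bool:
    """True when one session shows, in order: GET p=member, POST login, GET p=show_detail, injected POST."""
    stage = 0
    for ev in events:
        if classify(ev) == FLOW[stage]:
            stage += 1
            if stage == len(FLOW):
                return True
    return False


def scan_log(log: list) -> list:
    """Return (session, alert) pairs: per-request attempt/confirmation alerts, then one flow alert per session."""
    alerts = []
    by_session = {}
    for ev in log:
        by_session.setdefault(ev["session"], []).append(ev)
        if classify(ev) == "comment_injection":
            alerts.append((ev["session"], "injection_attempt"))
            if response_confirms_exploitation(ev.get("response", "")):
                alerts.append((ev["session"], "exploitation_confirmed"))
    for sid, events in by_session.items():
        if exploitation_flow_seen(events):
            alerts.append((sid, "exploitation_flow"))
    return alerts


# Constructed sample log, not real traffic; record fields and login form fields are hypothetical.
SAMPLE_LOG = [
    {"session": "s1", "method": "GET", "url": "/index.php?p=member", "body": "", "response": "<form>"},
    {"session": "s1", "method": "POST", "url": "/index.php?p=member", "body": "memberID=alice&memberPassWord=pw", "response": ""},
    {"session": "s1", "method": "GET", "url": "/index.php?p=show_detail&id=42", "body": "", "response": ""},
    {"session": "s1", "method": "POST", "url": "/index.php?p=show_detail&id=42", "body": PAYLOAD_BODY,
     "response": "XPATH syntax error: ':c8c605999f3d8352d7bb792cf3fd0b'"},
    {"session": "s2", "method": "POST", "url": "/index.php?p=show_detail&id=7",
     "body": "comment=Great+read%2C+thanks%21&SaveComment=Save+comment", "response": "<html>saved</html>"},
]

if __name__ == "__main__":
    for session, alert in scan_log(SAMPLE_LOG):
        print(f"{session}: {alert}")
```

Matching on the decoded value rather than the raw body is deliberate: the same payload can be sent with different percent-encodings, and `/**/` can be replaced by other inline comments, which the quote-break regex tolerates. The response-side canary check is the only signal here that proves the query actually executed, so it is what upgrades an attempt to a confirmed exploitation.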
CVSS provenance
- NVD v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- NVD v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
No detection rules found.
Nuclei

CVE-2021-45793 [HIGH] Slims9 Bulian 9.4.2 - SQL Injection (nuclei · CVSS 7.5)
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
Template (as indexed; it is cut off on the page after the classification block):

```yaml
id: CVE-2021-45793

info:
  name: Slims9 Bulian 9.4.2 - SQL Injection
  author: nblirwn
  severity: high
  description: |
    Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
  impact: |
    Authenticated attackers can exploit SQL injection in the comment field to extract database contents including user credentials and sensitive library data.
  remediation: |
    Upgrade to Slims9 Bulian version 9.4.3 or later.
  reference:
    - https://github.com/slims/slims9_bulian/issues/123
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45793
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-
```
No writeups or analysis indexed.