CVE-2021-39165 Scanner
Detects the SQL injection vulnerability in Cachet that affects versions up to and including 2.3.18, potentially leading to unauthorized data access.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Cachet is an open-source status page system designed for companies to communicate with their users about system outages and maintenance activities. It allows the creation and management of status pages that display service downtime and system performance. Cachet is widely used for its simplicity and effectiveness in delivering real-time status updates. It's developed in PHP and utilizes Laravel, making it a popular choice for businesses looking for a customizable status page solution. However, vulnerabilities like CVE-2021-39165 pose significant risks by allowing SQL injection attacks.
The vulnerability stems from improper input validation in the application's API endpoints. Specifically, the `SearchableTrait#scopeSearch()` function fails to sanitize user input for certain parameters, enabling SQL injection. Attackers can exploit this by crafting malicious requests to the API, leading to the execution of unauthorized SQL queries against the application's database.
Exploitation of this vulnerability could lead to data leakage, including sensitive customer information and system configurations. Attackers might also gain unauthorized access to administrative functions, modify data, or even escalate privileges within the application. In worst-case scenarios, it could result in a full compromise of the affected system and underlying database.
By leveraging S4E's advanced scanning capabilities, users can detect vulnerabilities like CVE-2021-39165 early in their development cycle. Our platform provides detailed insights and remediation guidance to help secure your applications against SQL injection and other critical security threats. Joining S4E enables access to a comprehensive suite of security tools designed to enhance your organization's cyber resilience.
References
- https://www.leavesongs.com/PENETRATION/cachet-from-laravel-sqli-to-bug-bounty.html
- https://github.com/fiveai/Cachet/commit/27bca8280419966ba80c6fa283d985ddffa84bb6
- https://github.com/W0rty/CVE-2021-39165/blob/main/exploit.py
- https://nvd.nist.gov/vuln/detail/CVE-2021-39165
- https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc