CVE-2021-26599 Scanner

CVE-2021-26599 Scanner - SQL Injection vulnerability in ImpressCMS

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 20 days 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

ImpressCMS is a content management system (CMS) widely used for building websites and portals. It is favored by web developers and administrators for its flexibility and ease of use. Organizations across various sectors, including education, government, and business, utilize ImpressCMS to manage their online content effectively. The platform allows for extensive customization through themes and modules, making it a popular choice for tailored website solutions. ImpressCMS aims to offer a secure and user-friendly interface for managing complex websites. It supports collaborative content creation and management, enabling teams to work together seamlessly.

SQL Injection is a critical vulnerability that lets an attacker alter the queries an application sends to its database. In ImpressCMS versions before 1.4.3, the 'groups' parameter of the include/findusers.php endpoint is placed into a SQL query without adequate validation or parameterization, so anyone who controls that parameter can inject arbitrary SQL. Depending on the database user's privileges, this can expose user records and password hashes, modify or delete data, and serve as a foothold for further attacks, compromising the confidentiality, integrity, and availability of everything stored in the database.

Technically, the injection point is the 'groups' value handled by include/findusers.php. Because the query result is not necessarily reflected in the response, the practical technique is time-based blind SQL Injection: a payload such as 1 OR SLEEP(7)# (sent URL-encoded as 1%20OR%20SLEEP(7)#) makes MySQL pause for seven seconds whenever the injected expression is evaluated, and the attacker infers success from the delay rather than from the response body. Wrapping conditions inside the SLEEP() call turns this into a way to enumerate the database structure and extract data one bit at a time. Detection works the same way: send the payload, compare the response time against a baseline request without it, and inspect the HTTP status code and body to rule out errors, timeouts, or unrelated slowness.
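The following is an added example, written for this page and not taken from ImpressCMS or from the scanner. It models the bug class described above in two parts: a miniature findusers-style lookup where the 'groups' value is concatenated into an IN (...) clause beside a hardened version that validates and binds each ID, and a time-based blind check that compares SLEEP() probe latencies against a baseline before declaring the target vulnerable. The table layout, the query shape, the function names and the simulated transport are all assumptions made for the demonstration; the sample data is constructed. SQLite is used so it runs offline, which is also why the boolean payload closes the parenthesis instead of relying on MySQL's SLEEP() and # comment syntax.

```python
"""Added example (not ImpressCMS or scanner code): model of the 'groups'
SQL injection in include/findusers.php and a time-based blind check."""
import re
import sqlite3
from typing import Callable, List

# Assumed query shape: group IDs land inside IN (...). Not the real schema.
QUERY_TEMPLATE = (
    "SELECT u.uname FROM users u JOIN groups_users_link l ON l.uid = u.uid "
    "WHERE l.groupid IN ({}) ORDER BY u.uid"
)


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for an ImpressCMS database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT);
        CREATE TABLE groups_users_link (groupid INTEGER, uid INTEGER);
        INSERT INTO users VALUES (1, 'admin'), (2, 'editor'), (3, 'guest');
        INSERT INTO groups_users_link VALUES (1, 1), (2, 2), (3, 3);
    """)
    return conn


def find_users_vulnerable(conn: sqlite3.Connection, groups: str) -> List[str]:
    """The bug class on this page: request text is pasted into the SQL."""
    return [row[0] for row in conn.execute(QUERY_TEMPLATE.format(groups))]


def parse_group_ids(groups: str) -> List[int]:
    """Accept only a comma-separated list of integers; reject anything else."""
    ids = []
    for part in groups.split(","):
        part = part.strip()
        if not re.fullmatch(r"[0-9]{1,10}", part):
            raise ValueError(f"rejected group id {part!r}")
        ids.append(int(part))
    return ids


def find_users_hardened(conn: sqlite3.Connection, groups: str) -> List[str]:
    """Fixed form: validated integers bound through placeholders."""
    ids = parse_group_ids(groups)
    sql = QUERY_TEMPLATE.format(",".join("?" * len(ids)))
    return [row[0] for row in conn.execute(sql, ids)]


def hardened_rejects(conn: sqlite3.Connection, groups: str) -> bool:
    """True when the hardened lookup refuses the input instead of running it."""
    try:
        find_users_hardened(conn, groups)
    except ValueError:
        return True
    return False


# --- time-based blind detection -------------------------------------------

SLEEP_RE = re.compile(r"SLEEP\((\d+)\)", re.IGNORECASE)


def simulated_transport(vulnerable: bool) -> Callable[[str], float]:
    """Constructed stand-in for POSTing groups=<value> to /include/findusers.php.
    Returns the seconds a real client would measure, without actually sleeping."""
    def send(groups_value: str) -> float:
        elapsed = 0.12  # constructed baseline latency
        match = SLEEP_RE.search(groups_value)
        if vulnerable and match:
            elapsed += int(match.group(1))  # MySQL would honour SLEEP(n)
        return elapsed
    return send


def time_based_check(send: Callable[[str], float], delay: int = 7,
                     baseline_runs: int = 3) -> bool:
    """Two probes with different delays must both show proportional slowdown;
    a single slow response from network jitter does not count."""
    baseline = max(send("1") for _ in range(baseline_runs))
    t1 = send(f"1 OR SLEEP({delay})#") - baseline
    t2 = send(f"1 OR SLEEP({2 * delay})#") - baseline
    return t1 >= 0.8 * delay and t2 >= 0.8 * 2 * delay


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign :", find_users_vulnerable(db, "1"))
    print("vulnerable, payload:", find_users_vulnerable(db, "1) OR (1=1"))
    print("hardened, payload  :", hardened_rejects(db, "1) OR (1=1"))
    print("probe (vulnerable) :", time_based_check(simulated_transport(True)))
    print("probe (patched)    :", time_based_check(simulated_transport(False)))
```

Against a real target the transport would be a timed HTTP request, and the same two-delay comparison keeps a slow but patched server from being reported as vulnerable.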

Exploiting this vulnerability can have devastating effects on an organization using ImpressCMS. Attackers can gain unauthorized access to the database, extract confidential information, and potentially escalate privileges for further attacks. Compromised systems may suffer from data breaches, leading to financial and reputational damage. Additionally, attackers could manipulate or delete critical data, resulting in operational disruptions. This SQL Injection vulnerability undermines trust in the affected websites, causing long-term harm to the organization and its stakeholders.
