CVE-2021-45793 Scanner

CVE-2021-45793 Scanner - SQL Injection vulnerability in Slims9 Bulian

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 20 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Slims9 Bulian is an open-source library management system widely used in educational institutions and public libraries. It provides an interface for managing library resources, user accounts, and lending activities. The software is web-based, allowing users to access it through a browser. It supports various user roles, including administrators, librarians, and members. Due to its open-source nature, organizations can customize and extend its functionalities. The software's database-driven design makes it susceptible to SQL Injection attacks if not properly secured.

The SQL Injection vulnerability in Slims9 Bulian 9.4.2 exists in the `comment.inc.php` file. This flaw allows an attacker to inject malicious SQL queries into the database. Exploiting this vulnerability does not require authentication, making it a critical security risk. An attacker can manipulate database queries to retrieve sensitive information such as user credentials. The vulnerability can also allow database modification, potentially leading to data corruption or unauthorized access. Affected organizations should address this issue by applying input validation and sanitization.

The vulnerability resides in the comment submission functionality of the application. Specifically, it occurs due to improper handling of user input in SQL queries. Attackers can use specially crafted payloads in the `comment` parameter to inject SQL commands. The flaw can be exploited by sending a POST request to the `/index.php?p=show_detail&id=1` endpoint. Successful exploitation can return database responses containing sensitive information. The application does not properly escape user-supplied data, leading to direct execution of malicious SQL statements.
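The query-handling flaw described above, modelled as an added example that is not taken from the SLiMS source: a comment-saving routine that pastes input into the SQL text, beside the same routine using bound parameters. It uses Python with an in-memory SQLite database instead of the application's PHP stack, and the table, function names and inputs are all constructed for illustration.

```python
import sqlite3


def new_db():
    # Constructed stand-in table, not the SLiMS schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comment (biblio_id INTEGER, member TEXT, body TEXT)")
    return db


def save_comment_concat(db, biblio_id, member, body):
    """Weak pattern: the comment text is pasted into the SQL string."""
    sql = ("INSERT INTO comment (biblio_id, body, member) "
           f"VALUES ({int(biblio_id)}, '{body}', '{member}')")
    db.execute(sql)


def save_comment_bound(db, biblio_id, member, body):
    """Hardened pattern: placeholders keep the comment as data only."""
    db.execute(
        "INSERT INTO comment (biblio_id, body, member) VALUES (?, ?, ?)",
        (int(biblio_id), body, member),
    )


def rows(db):
    return db.execute("SELECT biblio_id, member, body FROM comment").fetchall()


def demo():
    # Constructed inputs: an innocent apostrophe, and text that closes the
    # string literal so that the remainder is parsed as SQL.
    apostrophe = "Librarian's pick"
    crafted = "nice', 'admin') --"
    results = {}
    db = new_db()
    try:
        save_comment_concat(db, 1, "guest", apostrophe)
        results["concat_apostrophe"] = "stored"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"  # the quote broke the statement
    save_comment_concat(db, 1, "guest", crafted)
    results["concat_crafted"] = rows(db)  # member column was set by the comment text
    db = new_db()
    save_comment_bound(db, 1, "guest", apostrophe)
    save_comment_bound(db, 1, "guest", crafted)
    results["bound"] = rows(db)  # both comments stored verbatim under "guest"
    return results
```

A plain apostrophe causing a database error is the same defect as the crafted input; with bound parameters both strings are stored as ordinary text.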

Exploiting this vulnerability can have severe consequences for affected organizations. Attackers can obtain user credentials, including administrator passwords stored in the database. Unauthorized access to library records and user information can lead to privacy violations. If the database permissions are not properly restricted, attackers may modify or delete critical data. In some cases, successful SQL Injection can provide attackers with administrative control over the application. This can further lead to privilege escalation and full system compromise.
