Description
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Plugin library - delete` module.
Related
{"id": "CVE-2021-26830", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-26830", "description": "SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.", "published": "2021-04-16T18:15:00", "modified": "2021-04-19T21:26:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26830", "reporter": "cve@mitre.org", "references": ["https://github.com/TribalSystems/Zenario/releases/tag/8.8.53370"], "cvelist": ["CVE-2021-26830"], "immutableFields": [], "lastseen": "2022-03-23T15:48:29", "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:49642"]}], "rev": 4}, "score": {"value": 6.8, "vector": "NONE"}, "twitter": {"counter": 3, "tweets": [{"link": "https://twitter.com/SecRiskRptSME/status/1383685918201053187", "text": "RT:\n\nCVE-2021-26830 SQL 
Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. https://t.co/uHy8t5yNoW?amp=1\n\n\u2014 CVE (/CVene\u2026"}, {"link": "https://twitter.com/SecRiskRptSME/status/1383685918201053187", "text": "RT:\n\nCVE-2021-26830 SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module. https://t.co/uHy8t5yNoW?amp=1\n\n\u2014 CVE (/CVene\u2026"}, {"link": "https://twitter.com/VulmonFeeds/status/1468797768672198660", "text": "CVE-2021-26830\n\nSQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin libr...\n\nhttps://t.co/bdmUSxSFz4"}], "modified": "2021-04-28T11:49:16"}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:49642"]}]}, "exploitation": null, "vulnersScore": 6.8}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:tribalsystems:zenario:8.8.52729"], "cpe23": ["cpe:2.3:a:tribalsystems:zenario:8.8.52729:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "affectedSoftware": [{"cpeName": "tribalsystems:zenario", "version": "8.8.52729", "operator": "eq", "name": "tribalsystems zenario"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:tribalsystems:zenario:8.8.52729:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/TribalSystems/Zenario/releases/tag/8.8.53370", "name": "https://github.com/TribalSystems/Zenario/releases/tag/8.8.53370", "refsource": "CONFIRM", "tags": ["Release Notes", "Third 
Party Advisory"]}]}
{"github": [{"lastseen": "2022-03-21T23:54:46", "description": "SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2022-03-18T17:49:01", "type": "github", "title": "SQL Injection in tribalsystems/zenario ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26830"], "modified": "2022-03-21T20:29:00", "id": "GHSA-W4F3-7F7C-X652", "href": "https://github.com/advisories/GHSA-w4f3-7f7c-x652", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "veracode": [{"lastseen": "2022-05-12T00:11:05", "description": "tribalsystems/zenario is vulnerable to SQL injection. 
The vulnerability exists due to a lack of sanitization of the `ID` input field of ajax.php in the `Pugin library - delete` module.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-03-22T07:37:06", "type": "veracode", "title": "SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26830"], "modified": "2022-04-19T18:44:58", "id": "VERACODE:34784", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34784/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2022-05-11T20:50:40", "description": "SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. 
This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-03-18T17:49:01", "type": "osv", "title": "SQL Injection in tribalsystems/zenario ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26830"], "modified": "2022-03-18T17:49:01", "id": "OSV:GHSA-W4F3-7F7C-X652", "href": "https://osv.dev/vulnerability/GHSA-w4f3-7f7c-x652", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-01-13T05:29:32", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-03-15T00:00:00", "type": "exploitdb", "title": "Zenario CMS 8.8.53370 - 'id' Blind SQL Injection", 
"bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26830", "2021-26830"], "modified": "2021-03-15T00:00:00", "id": "EDB-ID:49642", "href": "https://www.exploit-db.com/exploits/49642", "sourceData": "# Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection \r\n# Date: 05/02/2021\r\n# Exploit Author: Balaji Ayyasamy\r\n# Vendor Homepage: https://zenar.io/\r\n# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8\r\n# Version: 8.8.53370\r\n# Tested on: Windows 10 Pro 19041 (x64_86) + XAMPP 7.4.14\r\n# CVE: CVE-2021-26830\r\n# Reference - https://edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32d\r\n\r\nStep 1 - Login to the zenario cms with admin credentials.\r\nStep 2 - Go to modules and select plugin library.\r\nStep 3 - Select any plugin and press delete button. Copy the delete request and send it to the sqlmap.\r\n\r\nCommand - sqlmap -r request.txt -p id", "sourceHref": "https://www.exploit-db.com/download/49642", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}]}