10 March 2021 at 14:22 UTC
Updated: 10 March 2021 at 15:48 UTC
SQL injection bug might enable an unauthenticated attacker to tamper with databases
The developers of the Kentico CMS have patched a critical vulnerability that could be exploited to compromise backend databases.
The vulnerability was disclosed by Obrela Labs penetration tester Anastasios Stasinopoulos on March 8.
Kentico CMS is an ASP.NET content management system (CMS) for enterprise websites, e-commerce, and both intranet and extranet domains.
The CMS comes with features (PDF) including built-in modules, text editing, blogs, and polls, and is used on over 4,000 websites in 83 countries.
The vulnerability, tracked as CVE-2021-27581, was discovered in build 5.5 R2 5.5.3996 of the CMS.
SQL injection flaw
The issue resides in the blog functionality module of Kentico CMS, which allows SQL injection attacks to take place via the parameter, such as .
According to Obrela Labs, the CMS security flaw “allowed a potential attacker – without requiring authentication – to interact with the backend Microsoft SQL server database”.
Speaking to The Daily Swig, Stasinopoulos said that “it seems that the root cause is improper sanitization within portal engine components, which is typical for this type of security flaw”.
The researchers say that if successfully exploited, attackers could not only access data stored in a backend database, but could also tamper with or delete records outright.
In addition, as long as “specific parameters” are met, the vulnerability could lead to the “full compromise of the underlying operating system that hosts Kentico”.
Stasinopoulos said that these conditions could include elevated privileges in a user account able to connect to the backend database, stacked queries being permitted on the vulnerable parameter, or the stored procedure being enabled, either by default or by an attacker.
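To make the root cause concrete, the following is an added example and not Kentico's code: a hypothetical blog-module query in ASP.NET that concatenates a request parameter into the SQL text, beside the parameterized form. The BlogRepository class, the BlogPost table and the BlogID and Title columns are assumptions for illustration only.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient;

// Hypothetical blog-module data access for an ASP.NET site; table and column
// names (BlogPost, BlogID, Title) are illustrative, not Kentico's schema.
public static class BlogRepository
{
    // VULNERABLE pattern: the request value is pasted into the SQL text, so the
    // database parses attacker-controlled input as part of the query grammar.
    // SqlCommand accepts several statements in one command text, which is why a
    // single injectable parameter on Microsoft SQL Server can grow from reading
    // data into tampering, deletion, or host-level impact if the login is
    // over-privileged, as the article's impact conditions describe.
    public static DataTable GetPostsUnsafe(SqlConnection conn, string blogIdFromRequest)
    {
        string sql = "SELECT PostID, Title FROM BlogPost WHERE BlogID = " + blogIdFromRequest;
        using var cmd = new SqlCommand(sql, conn);
        using var reader = cmd.ExecuteReader();
        var table = new DataTable();
        table.Load(reader);
        return table;
    }

    // FIXED pattern: validate the type, then bind a typed parameter. The value is
    // sent separately from the statement and can never change its structure.
    public static DataTable GetPostsSafe(SqlConnection conn, string blogIdFromRequest)
    {
        if (!int.TryParse(blogIdFromRequest, out int blogId) || blogId <= 0)
            throw new ArgumentException("BlogID must be a positive integer");

        const string sql = "SELECT PostID, Title FROM BlogPost WHERE BlogID = @BlogID";
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@BlogID", SqlDbType.Int).Value = blogId;
        using var reader = cmd.ExecuteReader();
        var table = new DataTable();
        table.Load(reader);
        return table;
    }
}

// Defence in depth against the escalation conditions listed above: have the
// application connect with a least-privilege database login that holds rights
// only on its own tables, so that even a successful injection cannot reach
// stored procedures that touch the host operating system.
```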
Obrela Labs disclosed the existence of the vulnerability privately to the CMS developer on February 23 – a day after discovery and prior to public disclosure.
A pattern payload has been made available on GitHub.
It is advised that Kentico CMS users update their builds as quickly as possible to the latest 6.0 version, which includes a security fix.
The Daily Swig has reached out to Kentico and will update when we hear back.