CVE-2017-15379

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass authentication in E-Sic 1.0 by using SQL injection in the login form. Attackers can gain unauthorized access to the system by submitting specially crafted username and password values containing SQL injection payloads. Organizations using E-Sic 1.0 software are affected.

💻 Affected Systems

Products:
  • E-Sic
Versions: Version 1.0
Operating Systems: Any OS running E-Sic 1.0
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of E-Sic 1.0. The vulnerability is in the login functionality at the /index URI.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to access all data, modify records, and potentially execute arbitrary code on the server.

🟠 Likely Case: Unauthorized access to sensitive citizen data and government records, data manipulation, and privilege escalation.

🟢 If Mitigated: Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The vulnerability affects the login page which is typically internet-facing, allowing remote exploitation.
🏢 Internal Only: MEDIUM - If deployed internally only, risk is reduced but still significant due to potential insider threats or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires no authentication. Simple SQL injection payloads like '=''or' can bypass authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Upgrade to a newer version of E-Sic if available.
2. If an upgrade is not possible, implement input validation and parameterized queries in the login handler.
3. Review and fix SQL injection vulnerabilities in the authentication code.

🔧 Temporary Workarounds

Web Application Firewall (WAF) - all

Deploy a WAF to block SQL injection attempts on the login endpoint.

Input Validation - all

Implement server-side input validation to reject SQL injection patterns in the username and password fields.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the E-Sic system from other critical infrastructure
  • Enable detailed logging and monitoring of authentication attempts and implement alerting for failed/suspicious login patterns

🔍 How to Verify

Check if Vulnerable:

Attempt to log in with username: '=''or' and password: '=''or' or similar SQL injection payloads. If the login succeeds, the system is vulnerable.

Check Version:

Check the E-Sic version through the web interface or configuration files; it is typically shown on the about page or in the admin panel.

Verify Fix Applied:

Attempt the same SQL injection payloads after remediation. The login should fail with proper error handling.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with SQL injection patterns
  • Successful logins from unusual IP addresses
  • Login attempts whose username or password fields contain the tokens 'or' or '=', or the single-quote character (')

Network Indicators:

  • HTTP POST requests to /index with SQL injection payloads in parameters
  • Unusual traffic patterns to login endpoint

SIEM Query:

source="web_logs" AND (uri_path="/index" OR uri_path="/login") AND (request_body CONTAINS "'=''or'" OR request_body CONTAINS "'or'" OR request_body CONTAINS "'='")
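As an added defensive example (not code from the advisory or the E-Sic project), the following Python parses constructed access-log lines in an assumed format, URL-decodes the form body and applies the log indicators above to the login fields; it also shows why a raw substring match for '=''or', as in the SIEM query, misses bodies in which the browser has encoded the quote as %27.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (not from any real E-Sic deployment).
# Assumed format: "<client_ip> <method> <uri_path> <status> body=<url-encoded form body>"
SAMPLE_LOGS = [
    # advisory's bypass payload in both fields, URL-encoded by the browser; 302 = redirected into the app
    "203.0.113.5 POST /index 302 body=username=%27%3D%27%27or%27&password=%27%3D%27%27or%27",
    "198.51.100.7 POST /index 200 body=username=alice&password=correct-horse-battery",
    # same client, payload only in the password field, answered with the login page again
    "203.0.113.5 POST /index 200 body=username=admin&password=%27%3D%27%27OR%27",
    "192.0.2.9 GET /about 200 body=",
]

LOG_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) body=(?P<body>.*)$")
LOGIN_PATHS = {"/index", "/login"}
# A quote followed (after optional whitespace) by "or" or "=": the advisory's indicators,
# widened to tolerate spacing and letter case. Applied to the *decoded* field value.
SQLI_RE = re.compile(r"'\s*(?:or\b|=)", re.IGNORECASE)

def parse_line(line):
    """Split one log line into fields; parse_qs URL-decodes the form body values."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["fields"] = {k: v[0] for k, v in parse_qs(rec["body"], keep_blank_values=True).items()}
    return rec

def literal_match_count(lines):
    """What the SIEM query effectively does: a raw substring match on the stored line,
    which never fires when ' and = were transmitted as %27 and %3D."""
    return sum(1 for line in lines if "'=''or'" in line)

def suspicious_logins(lines):
    """Login POSTs whose decoded username/password match the injection indicators.
    Returns (client_ip, status, field) tuples; a 302 following such a request is the
    strongest sign that the bypass actually succeeded."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        for field in ("username", "password"):
            if SQLI_RE.search(rec["fields"].get(field, "")):
                hits.append((rec["ip"], rec["status"], field))
                break
    return hits

def attempts_per_ip(lines):
    """Count flagged attempts per client, the input for a burst/threshold alert."""
    counts = {}
    for ip, _status, _field in suspicious_logins(lines):
        counts[ip] = counts.get(ip, 0) + 1
    return counts
```

Run against the constructed lines, the literal match finds nothing while the decoded check flags both requests from 203.0.113.5, the first of them with a 302 that merits immediate triage.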
