CVE-2019-6295
📋 TL;DR
CVE-2019-6295 is a SQL injection vulnerability in Cleanto 5.0 that allows attackers to execute arbitrary SQL commands via the service_id parameter in assets/lib/service_method_ajax.php. This affects all Cleanto 5.0 installations with the vulnerable component accessible. Attackers can potentially read, modify, or delete database content.
💻 Affected Systems
- Cleanto
📦 What is this software?
Cleanto by Skymoonlabs
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft or data destruction, or full system takeover if the SQL injection can be chained into remote code execution (for example, through database features that write files or run OS commands).
Likely Case
Database information disclosure, authentication bypass, or privilege escalation through SQL injection.
If Mitigated
Limited impact if proper input validation and parameterized queries are implemented, or if the vulnerable endpoint is inaccessible.
🎯 Exploit Status
The vulnerability is straightforward to exploit with basic SQL injection techniques. Public proof-of-concept details are available in the GitHub issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version of Cleanto if available, or implement workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
- Implement proper input validation and parameterized queries for the service_id parameter in service_method_ajax.php
- Edit assets/lib/service_method_ajax.php to replace raw SQL queries built by string concatenation with prepared statements
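The following is an added example of the hardened handling described above; it is not Cleanto's own code. It shows the shape a fixed service_method_ajax.php could take: the service_id value is validated as a positive integer and then bound to a prepared statement, so the database never interprets it as SQL. The table name service_methods, its columns, the sample rows, and the use of an in-memory SQLite database through PDO (so the script runs offline) are all assumptions made for the example.

```php
<?php
// Added example, not Cleanto's code. Demonstrates parameterized handling of
// the service_id request parameter. Schema, rows and the SQLite stand-in for
// the real database are constructed for this example.
declare(strict_types=1);

function connect(): PDO {
    // In-memory SQLite stands in for the application's database so this runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE service_methods (id INTEGER PRIMARY KEY, service_id INTEGER NOT NULL, name TEXT NOT NULL)');
    $db->exec("INSERT INTO service_methods (service_id, name) VALUES (1, 'Standard'), (1, 'Deep clean'), (2, 'Window wash')");
    return $db;
}

// The pattern the advisory describes: the raw parameter is concatenated into
// the query text, so whatever it contains is executed as SQL.
// Kept only for contrast; it is never called with untrusted input here.
function methods_for_service_unsafe(PDO $db, string $serviceId): array {
    $sql = 'SELECT id, name FROM service_methods WHERE service_id = ' . $serviceId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: reject anything that is not a positive integer, then bind
// the value as a typed parameter of a prepared statement.
function methods_for_service(PDO $db, string $serviceId): array {
    // FILTER_VALIDATE_INT accepts only a plain integer literal.
    $id = filter_var($serviceId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('service_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM service_methods WHERE service_id = :sid');
    $stmt->bindValue(':sid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Request-handler shape for the AJAX endpoint: malformed input gets an HTTP 400
// response instead of reaching the database at all.
function handle_request(PDO $db, array $get): array {
    try {
        $rows = methods_for_service($db, (string)($get['service_id'] ?? ''));
        return ['status' => 200, 'body' => $rows];
    } catch (InvalidArgumentException $e) {
        return ['status' => 400, 'body' => ['error' => $e->getMessage()]];
    }
}

$db = connect();
// A normal request returns the methods for service 1.
echo json_encode(handle_request($db, ['service_id' => '1'])), "\n";
// A tampered value is refused by validation before any query is prepared.
echo json_encode(handle_request($db, ['service_id' => '1 OR 1=1'])), "\n";
```

The validation step is not a substitute for the prepared statement: the binding with PDO::PARAM_INT is what removes the injection, and the integer check simply gives the client a clear 400 error and keeps garbage out of the application logs.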
Access Restriction
- Restrict access to the vulnerable endpoint using web server configuration or an application firewall
- On Apache, add a deny rule for the file in .htaccess: Deny from all
- Configure the web server to block access to assets/lib/service_method_ajax.php
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with SQL injection protection rules
- Isolate the Cleanto system in a segmented network with strict access controls
🔍 How to Verify
Check if Vulnerable:
Check if assets/lib/service_method_ajax.php exists and is accessible. Test with SQL injection payloads in the service_id parameter.
Check Version:
Check Cleanto version in configuration files or admin panel. Look for version 5.0 indicators.
Verify Fix Applied:
Verify that SQL injection attempts no longer succeed and that parameterized queries are implemented in the PHP file.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in web server logs
- Multiple requests to service_method_ajax.php with suspicious parameters
- SQL syntax in service_id parameter values
Network Indicators:
- HTTP requests to /assets/lib/service_method_ajax.php with SQL injection patterns in parameters
- Unusual database query patterns from web server
SIEM Query:
source="web_server" AND uri="/assets/lib/service_method_ajax.php" AND (param="service_id" AND value MATCH "['\";]|UNION|SELECT|INSERT|UPDATE|DELETE|DROP|OR 1=1")
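As an added example (not part of the advisory), the log indicators and the SIEM query above can be turned into a small offline check over web server access logs: it parses combined-format lines, keeps only requests to the vulnerable path, reports any service_id value that is not a plain integer and matches the same pattern family as the SIEM query, and counts such hits per client address to surface the "multiple requests" indicator. The log lines are constructed for this example, not real traffic.

```php
<?php
// Added example, not from the advisory or from Cleanto: detection logic for
// requests to the vulnerable endpoint. Sample log lines are constructed.
declare(strict_types=1);

const VULN_PATH = '/assets/lib/service_method_ajax.php';

// Same pattern family as the advisory's SIEM query: quote or semicolon
// characters, SQL keywords, or the "OR 1=1" tautology, case-insensitive.
const SQLI_PATTERN = '/[\'";]|\b(UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\b|\bOR\s+1\s*=\s*1\b/i';

// Parse one Apache/nginx combined-format line into client, method, path and query parameters.
function parse_access_line(string $line): ?array {
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $url = parse_url($m[3]);
    $params = [];
    if (isset($url['query'])) {
        parse_str($url['query'], $params);   // parse_str also URL-decodes the values
    }
    return ['client' => $m[1], 'method' => $m[2], 'path' => $url['path'] ?? '', 'params' => $params];
}

// Returns the suspicious service_id value, or null when the line is of no concern.
function suspicious_service_id(string $line): ?string {
    $req = parse_access_line($line);
    if ($req === null || $req['path'] !== VULN_PATH) {
        return null;
    }
    $sid = $req['params']['service_id'] ?? null;
    if ($sid === null || !is_string($sid)) {
        return null;
    }
    // A well-formed service_id is a plain integer; anything else that looks like SQL is reported.
    if (filter_var($sid, FILTER_VALIDATE_INT) !== false) {
        return null;
    }
    return preg_match(SQLI_PATTERN, $sid) === 1 ? $sid : null;
}

// Count suspicious hits per client address ("multiple requests" indicator).
function suspicious_hits_by_client(array $lines): array {
    $counts = [];
    foreach ($lines as $line) {
        if (suspicious_service_id($line) === null) {
            continue;
        }
        $client = parse_access_line($line)['client'];
        $counts[$client] = ($counts[$client] ?? 0) + 1;
    }
    return $counts;
}

// Constructed sample log lines (not real traffic).
$lines = [
    '203.0.113.7 - - [10/Jan/2019:12:00:01 +0000] "GET /assets/lib/service_method_ajax.php?service_id=3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2019:12:00:05 +0000] "GET /assets/lib/service_method_ajax.php?service_id=3%27%20OR%201%3D1 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Jan/2019:12:00:09 +0000] "GET /assets/lib/service_method_ajax.php?service_id=0%20UNION%20SELECT%201 HTTP/1.1" 500 311',
    '198.51.100.2 - - [10/Jan/2019:12:00:12 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048',
];

foreach ($lines as $line) {
    $hit = suspicious_service_id($line);
    if ($hit !== null) {
        echo 'ALERT ', parse_access_line($line)['client'], ' service_id=', $hit, "\n";
    }
}
foreach (suspicious_hits_by_client($lines) as $client => $n) {
    echo 'client ', $client, ': ', $n, " suspicious request(s)\n";
}
```

Because the check decodes the query string before matching, URL-encoded quotes and spaces (the %27 and %20 in the sample lines) are caught the same way as literal ones, which a raw substring match on the log line would miss. POST bodies are not present in access logs, so requests that send service_id in the body need the application or WAF log instead.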