CVE-2019-7747

9.6 CRITICAL

📋 TL;DR

CVE-2019-7747 is a session fixation vulnerability in DbNinja 3.2.7 that allows attackers to hijack user sessions by manipulating the sessid parameter in data.php. This affects all DbNinja users running the vulnerable version, potentially compromising database administration sessions.

💻 Affected Systems

Products:
  • DbNinja
Versions: 3.2.7
Operating Systems: All platforms running DbNinja
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface of DbNinja database administration tool.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of database administration sessions leading to unauthorized database access, data theft, manipulation, or destruction.

🟠 Likely Case: Session hijacking allowing attackers to perform unauthorized database operations as authenticated users.

🟢 If Mitigated: Limited impact with proper session management controls and network segmentation in place.

🌐 Internet-Facing: HIGH - Web-based database administration tools exposed to the internet are prime targets.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires initial access to set a fixed session ID, then waiting for the victim to authenticate.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 3.2.7

Vendor Advisory: https://github.com/OSChina/dbninja

Restart Required: Yes

Instructions:

1. Back up the current DbNinja installation.
2. Download the latest version from the official repository.
3. Replace the existing files with the patched version.
4. Restart the web server/service.

🔧 Temporary Workarounds

Session Regeneration (all platforms)

Implement session regeneration after authentication to prevent fixation attacks: modify data.php to regenerate the session ID after successful login.

Access Restriction (linux)

Restrict access to the DbNinja interface to trusted networks only:

iptables -A INPUT -p tcp --dport [DbNinja_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [DbNinja_port] -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate DbNinja from untrusted networks
  • Deploy web application firewall with session fixation protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether DbNinja version 3.2.7 is running by examining version files or the web interface footer.

Check Version:

grep -r 'version' /path/to/dbninja/installation/

Alternatively, check the web interface.

Verify Fix Applied:

Verify version is updated beyond 3.2.7 and test session handling after authentication

📡 Detection & Monitoring

Log Indicators:

  • Multiple session IDs for same user
  • Session ID changes after authentication
  • Unusual database operations from unexpected IPs

Network Indicators:

  • HTTP requests to data.php with sessid parameter manipulation
  • Session cookie anomalies

SIEM Query:

source="web_logs" url="*data.php*" (sessid OR session) | stats count by src_ip, user_agent
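
The SIEM query above counts data.php requests per source; the added example below (not part of the original advisory or of DbNinja) goes one step further and groups by the sessid value itself, flagging any session ID presented from more than one client address. It assumes the access log is in Apache/Nginx "combined" format and that sessid appears in the query string; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2019:10:01:02 +0000] "GET /dbninja/data.php?sessid=aaaa1111 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:05:40 +0000] "GET /dbninja/data.php?sessid=aaaa1111 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:06:11 +0000] "GET /dbninja/data.php?sessid=bbbb2222 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:06:30 +0000] "GET /dbninja/index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def sessid_requests(log_text):
    """Yield (ip, timestamp, sessid) for each data.php request carrying sessid."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-HTTP lines
        url = urlsplit(m["target"])
        if not url.path.endswith("/data.php"):
            continue
        for sid in parse_qs(url.query).get("sessid", []):
            yield m["ip"], m["ts"], sid

def shared_sessids(log_text):
    """Return {sessid: [ips in first-seen order]} for IDs used by more than one IP."""
    seen = defaultdict(list)
    for ip, _ts, sid in sessid_requests(log_text):
        if ip not in seen[sid]:
            seen[sid].append(ip)
    return {sid: ips for sid, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    for sid, ips in shared_sessids(SAMPLE_LOG).items():
        print(f"sessid {sid} used from {len(ips)} addresses: {', '.join(ips)}")
```

A session ID seen from several addresses can also be one user whose address changed (NAT pools, mobile networks), so treat a hit as a lead to correlate with the login time for that session.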
