CVE-2020-13877

9.8 CRITICAL

📋 TL;DR

This CVE describes SQL injection vulnerabilities in ResourceXpress Meeting Monitor 4.9 ASPX pages that allow attackers to execute arbitrary SQL commands. Successful exploitation could lead to remote code execution and sensitive data disclosure. Organizations using ResourceXpress Meeting Monitor 4.9 are affected.

💻 Affected Systems

Products:
  • ResourceXpress Meeting Monitor
Versions: Version 4.9
Operating Systems: Windows (ASPX typically runs on IIS/Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Specific ASPX pages within the Meeting Monitor application are vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via remote code execution leading to data theft, lateral movement, and persistent backdoor installation

🟠 Likely Case: Database compromise with sensitive meeting data, user credentials, and organizational information disclosure

🟢 If Mitigated: Limited impact with proper input validation, WAF protection, and network segmentation

🌐 Internet-Facing: HIGH - ASPX pages are typically web-accessible and SQL injection can be exploited remotely
🏢 Internal Only: HIGH - Even internal systems are vulnerable to authenticated or unauthenticated attacks

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are well-understood attack vectors with many available tools

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.8 HF 1,2,3 OnPrem v5.3 or later

Vendor Advisory: https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/807698439/v1.8+HF+1+2+3+OnPrem+v5.3

Restart Required: Yes

Instructions:

1. Download the latest patch from the ResourceXpress vendor portal.
2. Back up the current installation.
3. Apply the patch following the vendor instructions.
4. Restart the application and IIS services.
5. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall (WAF), platform: all

Deploy a WAF with SQL injection rules to block malicious requests

Input Validation Filter, platform: windows

Implement application-level input validation for all ASPX parameters

🧯 If You Can't Patch

  • Isolate the Meeting Monitor system in a separate network segment with strict firewall rules
  • Implement strong authentication and limit access to only authorized users

🔍 How to Verify

Check if Vulnerable:

Review application version in admin interface or check installed files for version 4.9

Check Version:

Check application web interface or review installation directory version files

Verify Fix Applied:

Confirm the version is updated to v1.8 HF 1,2,3 OnPrem v5.3 or later and verify that SQL injection test requests are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in IIS logs
  • Multiple failed login attempts with SQL syntax
  • Long parameter values in URL requests

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.)
  • Unusual database connection patterns

SIEM Query:

source="IIS" AND ("sql" OR "union" OR "select" OR "insert" OR "delete") AND status=500
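As an added illustration of the log indicators and SIEM query above (example code written for this page, not tooling from ResourceXpress or any SIEM vendor), the following Python snippet parses constructed IIS W3C log lines, URL-decodes the query string, and flags 500-status requests whose decoded query contains a SQL keyword or a stray quote, then counts repeat offenders per client IP. The page path, IPs and log lines are placeholders; it tightens the SIEM query slightly by using word boundaries so ordinary parameter values such as "selection" are not flagged.

```python
import re
from urllib.parse import unquote_plus

# Constructed W3C extended-format IIS log lines (not real traffic).
# /mm/example.aspx is a placeholder path, not a known Meeting Monitor page.
IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
2020-06-01 10:00:01 10.0.0.5 GET /mm/example.aspx room=12 10.0.0.77 200
2020-06-01 10:00:02 10.0.0.5 GET /mm/example.aspx room=12%27+UNION+SELECT+1 10.0.0.99 500
2020-06-01 10:00:03 10.0.0.5 GET /mm/example.aspx room=12%27 10.0.0.99 500
2020-06-01 10:00:04 10.0.0.5 GET /mm/example.aspx view=selection 10.0.0.77 500
"""

# Word-bounded keywords: "selection" must not match "select".
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|delete|update|drop)\b", re.I)


def parse_w3c(text):
    """Turn a W3C extended log into a list of dicts keyed by the #Fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) == len(fields):
            rows.append(dict(zip(fields, parts)))
    return rows


def suspicious(rows):
    """Return (client ip, page, decoded query) for 500s with SQL-looking input."""
    hits = []
    for r in rows:
        query = unquote_plus(r.get("cs-uri-query", "-"))  # decode %27, + etc.
        if r.get("sc-status") == "500" and (SQL_KEYWORDS.search(query) or "'" in query):
            hits.append((r["c-ip"], r["cs-uri-stem"], query))
    return hits


def repeat_offenders(hits, threshold=2):
    """Client IPs with at least `threshold` flagged requests (the page's 'multiple attempts')."""
    counts = {}
    for ip, _, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in suspicious(parse_w3c(IIS_LOG)):
        print("flagged:", hit)
```

Run against real IIS logs by reading the file contents into `parse_w3c`; the decoded query is what a WAF or SIEM rule should inspect, since the raw cs-uri-query field keeps its percent-encoding.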

🔗 References
