CVE-2020-18175 – This CVE describes a SQL injection vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2020-18175?

CVE-2020-18175 has a CVSS score of 9.8 (CRITICAL). This CVE describes a SQL injection vulnerability in Metinfo CMS version 6.1.3 that allows attackers to execute arbitrary SQL commands via the dosafety_emailadd action in basic.php. This affects all Metinfo 6.1.3 installations with the vulnerable component enabled. Attackers can potentially access, modify, or delete database content.

📋 TL;DR

This CVE describes a SQL injection vulnerability in Metinfo CMS version 6.1.3 that allows attackers to execute arbitrary SQL commands via the dosafety_emailadd action in basic.php. This affects all Metinfo 6.1.3 installations with the vulnerable component enabled. Attackers can potentially access, modify, or delete database content.

💻 Affected Systems

Products:

Metinfo CMS

Versions: 6.1.3

Operating Systems: All operating systems running Metinfo

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability is in the core CMS functionality and affects default installations.

📦 What is this software?

Metinfo by Metinfo

View all CVEs affecting Metinfo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠

Likely Case

Database information disclosure, data manipulation, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - The vulnerability is in a web application component accessible via HTTP requests.

🏢 Internal Only: MEDIUM - Internal systems could still be vulnerable if accessed by malicious insiders or compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities are commonly exploited with readily available tools and techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.0 or later

Vendor Advisory: https://www.metinfo.cn/download/

Restart Required: No

Instructions:

1. Backup your current installation and database. 2. Download the latest version from the official Metinfo website. 3. Replace the vulnerable basic.php file with the patched version. 4. Verify the fix by testing the dosafety_emailadd functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to filter SQL injection attempts in the dosafety_emailadd parameter

# Add input sanitization in basic.php before processing dosafety_emailadd

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

# Example ModSecurity rule: SecRule ARGS:dosafety_emailadd "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

Disable or restrict access to the vulnerable basic.php endpoint
Implement strict input validation and parameterized queries for all user inputs

🔍 How to Verify

Check if Vulnerable:

Test the dosafety_emailadd parameter with SQL injection payloads like ' OR '1'='1

Check Version:

Check Metinfo version in admin panel or via /admin/index.php?lang=us

Verify Fix Applied:

Attempt SQL injection on the patched dosafety_emailadd parameter and verify it's blocked

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts after SQL injection attempts
HTTP requests containing SQL keywords in dosafety_emailadd parameter

Network Indicators:

HTTP POST requests to basic.php with SQL injection patterns
Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="*/basic.php*" AND (request="*dosafety_emailadd*SELECT*" OR request="*dosafety_emailadd*UNION*" OR request="*dosafety_emailadd*OR*1=1*")

📊 Metadata

CVE ID: CVE-2020-18175

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: July 30, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/sword1991912/metinfo/issues/1 Exploit,Issue Tracking,Third Party Advisory
https://github.com/sword1991912/metinfo/issues/1 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-18175, you might also want to check these: