CVE-2020-20915

9.8 CRITICAL

📋 TL;DR

This is a critical SQL injection vulnerability in PublicCMS v4.0 that allows remote attackers to execute arbitrary SQL commands via the sql parameter in SysSiteAdminControl. Attackers can potentially read, modify, or delete database content, and in some configurations execute arbitrary code. All PublicCMS v4.0 installations with the vulnerable component exposed are affected.

💻 Affected Systems

Products:
  • PublicCMS
Versions: Version 4.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All PublicCMS v4.0 installations are vulnerable by default. The vulnerability is in the SysSiteAdminControl component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise including arbitrary code execution, database destruction, and potential lateral movement to other systems.

🟠 Likely Case: Database compromise leading to data theft, data manipulation, or denial of service through database corruption.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects internet-facing CMS systems.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but have reduced attack surface compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is well-documented in GitHub issues with technical details that could be weaponized. SQL injection vulnerabilities are commonly exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 4.0 (check latest release)

Vendor Advisory: https://github.com/sanluan/PublicCMS/issues/29

Restart Required: Yes

Instructions:

1. Back up your current installation and database.
2. Download the latest version of PublicCMS from the official repository.
3. Replace the vulnerable files with the patched versions.
4. Restart the web server.
5. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

  • Implement strict input validation to filter SQL injection patterns from the sql parameter
  • Modify SysSiteAdminControl to sanitize sql parameter input

Web Application Firewall (all platforms)

  • Deploy a WAF with SQL injection protection rules
  • Configure the WAF to block requests containing SQL injection patterns in parameters

Keyword filtering is a stop-gap that encoded or obfuscated input can slip past; the patch, or parameterized queries as noted above, is the actual fix.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system from critical assets
  • Deploy intrusion detection systems to monitor for SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check if running PublicCMS version 4.0 and test the SysSiteAdminControl endpoint with SQL injection payloads

Check Version:

Check PublicCMS version in admin panel or configuration files

Verify Fix Applied:

Test the SysSiteAdminControl endpoint with SQL injection payloads after patching to ensure they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts or parameter manipulation in access logs

Network Indicators:

  • HTTP requests containing SQL keywords in parameters
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (sql OR union OR select OR insert OR delete) AND parameter="sql"
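As an added example that is not part of this advisory, the following Python scanner applies the detection logic described above (SQL keywords inside the `sql` request parameter) to constructed access-log lines. The request paths and query strings are made up for illustration; the advisory does not give the real URL of SysSiteAdminControl, so the scanner keys on the parameter name only and also unwraps nested percent-encoding so an encoded keyword is not missed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (Common Log Format). Paths and query
# strings are invented for this example; only the "sql" parameter name comes
# from the advisory. Line 3 carries a double-percent-encoded "SELECT version()".
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:12:00:01 +0000] "GET /admin/site/list?pageIndex=1 HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2024:12:00:02 +0000] "GET /admin/site/exec?sql=select+1 HTTP/1.1" 200 128
203.0.113.9 - - [10/Jan/2024:12:00:03 +0000] "GET /admin/site/exec?sql=%2553%2545%254c%2545%2543%2554%2520version%2528%2529 HTTP/1.1" 200 128
198.51.100.7 - - [10/Jan/2024:12:00:04 +0000] "GET /search?q=selection+of+items HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SQL_KEYWORDS = ("select", "union", "insert", "update", "delete", "drop")
# Word boundaries keep benign words such as "selection" from matching.
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so encoded keywords are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_sql_parameter(line):
    """Return a hit record when the request's 'sql' parameter holds SQL keywords, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or non-CLF line: skip rather than crash
    target = urlsplit(m.group("target"))
    params = parse_qs(target.query, keep_blank_values=True)  # decodes one layer
    found = []
    for raw in params.get("sql", []):
        found += [k.lower() for k in KEYWORD_RE.findall(decode_fully(raw))]
    if not found:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"),
            "path": target.path, "keywords": sorted(set(found))}


def scan_log(text):
    """Apply flag_sql_parameter to every line; hits are returned in log order."""
    return [h for h in (flag_sql_parameter(l) for l in text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```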
