CVE-2020-21667
📋 TL;DR
fastadmin-tp6 v1.0 passes the 'table' request parameter handled by app/admin/controller/Ajax.php into SQL without validating it. A table name is an identifier, not a value, so it cannot be bound as a prepared-statement parameter; whatever the caller supplies becomes part of the statement text. An attacker who can reach the endpoint can therefore splice arbitrary SQL into the query to read or modify database content. Any deployment running the vulnerable version is affected.
💻 Affected Systems
- fastadmin-tp6
📦 What is this software?
Fastadmin Tp6 (the fastadmin-tp6 project): a port of the FastAdmin PHP admin framework to ThinkPHP 6, distributed through the GitHub repository che-my/fastadmin-tp6.
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions where the database account's privileges allow it (for example file-writing functions).
Likely Case
Data extraction from database tables, including sensitive information like user credentials, personal data, or configuration secrets.
If Mitigated
Limited impact when the 'table' value is checked against an allowlist of permitted table names (an identifier cannot be bound as a query parameter) and the remaining user-supplied values are bound with prepared statements.
🎯 Exploit Status
SQL injection is well understood and many automated tools can exploit it. Exploitation requires the ability to reach the admin Ajax controller, i.e. an authenticated admin session or an admin endpoint exposed without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check GitHub repository
Vendor Advisory: https://github.com/che-my/fastadmin-tp6/issues/2 (GitHub issue in the project repository)
Restart Required: No
Instructions:
1. Update to the latest version of fastadmin-tp6.
2. Validate the 'table' parameter in app/admin/controller/Ajax.php against an allowlist of the table names the endpoint is meant to touch (at minimum, an identifier-only pattern such as ^[A-Za-z0-9_]+$). A table name is an identifier and cannot be bound as a prepared-statement parameter, so this check is the actual fix for the 'table' input.
3. Bind all remaining user-supplied values (primary keys, field values) with parameterized queries or prepared statements.
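To make the difference between steps 2 and 3 concrete, here is an added Python example (not code from fastadmin-tp6 or its authors) that runs the vulnerable and hardened patterns against an in-memory SQLite database. The schema (tables category and admin), the allowlist, and the UNION payload are constructed for the demonstration; the validate_table logic is what would be ported into Ajax.php in PHP (a preg_match on the identifier pattern plus an in_array allowlist check).

```python
import re
import sqlite3


# Constructed sample schema standing in for the application database (not from the project).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT, weigh INTEGER);
        CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO category VALUES (1, 'news', 10), (2, 'blog', 20);
        INSERT INTO admin VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return conn


def vulnerable_rows(conn, table):
    """Vulnerable pattern: the request's 'table' value is pasted straight into the SQL text.

    A table name is an identifier, so it cannot be passed as a '?' parameter; without a
    check on its shape the caller controls the rest of the statement.
    """
    return conn.execute(f"SELECT id, name, weigh FROM {table}").fetchall()


# Hardened form: the name must look like an identifier AND be one this endpoint may touch.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
ALLOWED_TABLES = frozenset({"category", "config"})  # assumed allowlist for this endpoint


def is_valid_table(table, allowed=ALLOWED_TABLES):
    """True only for a bare identifier that is on the allowlist."""
    return bool(IDENTIFIER_RE.fullmatch(table)) and table in allowed


def validate_table(table, allowed=ALLOWED_TABLES):
    """Return the table name unchanged if acceptable, otherwise raise ValueError."""
    if not IDENTIFIER_RE.fullmatch(table):
        raise ValueError(f"table {table!r} is not a bare identifier")
    if table not in allowed:
        # Checking that the table merely exists in the schema is not enough: the caller
        # could still name 'admin'. Restrict to the tables this endpoint is meant to touch.
        raise ValueError(f"table {table!r} is not permitted for this endpoint")
    return table


def hardened_rows(conn, table):
    safe = validate_table(table)
    # Quoting the identifier is a second layer; the allowlist is what prevents injection.
    return conn.execute(f'SELECT id, name, weigh FROM "{safe}"').fetchall()


# Constructed payload: closes the intended query and appends a UNION over the admin table.
UNION_PAYLOAD = "category WHERE 0 UNION SELECT id, username, password FROM admin"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, benign :", vulnerable_rows(conn, "category"))
    print("vulnerable, payload:", vulnerable_rows(conn, UNION_PAYLOAD))  # leaks the admin row
    print("hardened, benign   :", hardened_rows(conn, "category"))
    for bad in (UNION_PAYLOAD, "admin", "category`"):
        try:
            hardened_rows(conn, bad)
        except ValueError as exc:
            print("hardened rejected  :", exc)
```

Running the script shows the vulnerable function returning the admin row for the payload while the hardened one rejects it, and also rejects the syntactically valid but unintended table name "admin". That second case is why an allowlist, not just an identifier regex, is the recommended check.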
🔧 Temporary Workarounds
Input Validation Filter (all platforms)
Validate the 'table' parameter in app/admin/controller/Ajax.php before it reaches any query: accept only a bare identifier (letters, digits, underscore) and, preferably, only names on an allowlist of the tables the endpoint is meant to touch. Escaping or "sanitizing" the value is not a substitute, because a table name is spliced into the SQL text rather than bound as a value.
WAF Rule (all platforms)
Add web application firewall rules for the admin endpoints that block SQL injection patterns, and in particular reject requests to the Ajax controller whose 'table' value contains anything other than identifier characters.
🧯 If You Can't Patch
- Implement strict input validation for all user-supplied parameters
- Restrict access to admin endpoints using network segmentation and authentication
🔍 How to Verify
Check if Vulnerable:
Confirm the installed version is fastadmin-tp6 v1.0 (see Check Version), then inspect app/admin/controller/Ajax.php: if the 'table' request parameter is handed to the database layer without being checked against an allowlist or identifier-only pattern, the deployment is vulnerable.
Check Version:
Check composer.json or project configuration files for version information
Verify Fix Applied:
Verify that the 'table' parameter in Ajax.php is checked against an allowlist or identifier-only pattern before use and that other user-supplied values are bound as query parameters; then confirm that a request whose 'table' value contains a space, quote or backtick is rejected rather than producing a database error.
📡 Detection & Monitoring
Log Indicators:
- Database error messages or unexpected statement shapes (UNION, subqueries, comment sequences) in database or application logs that originate from the admin Ajax controller
- Multiple failed login attempts to admin endpoints, consistent with an attacker trying to obtain the admin session the endpoint requires
- 'table' parameter values in web server or application logs that are not plain identifiers: spaces, quotes, backticks, parentheses, comment sequences (--, /*) or SQL keywords
Network Indicators:
- SQL injection patterns in HTTP requests
- Unusual database connection patterns from web servers
SIEM Query:
web_requests WHERE url CONTAINS 'admin/ajax' AND (params CONTAINS 'UNION' OR params CONTAINS 'SELECT' OR params CONTAINS 'INSERT')
A tighter rule, since a legitimate table name is a bare identifier: web_requests WHERE url CONTAINS 'admin/ajax' AND params.table NOT MATCHES '^[A-Za-z0-9_]+$'. Keyword matching alone misfires on legitimate table names that happen to contain words like 'select' and misses payloads built only from quotes, backticks or comment sequences.
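The following Python script is an added example, not part of the original advisory or the project, that applies the identifier rule to a handful of constructed access-log lines. The log lines, client addresses and /admin/ajax request targets are made up for the demonstration; only the parameter name 'table' comes from the CVE. It flags any 'table' value that is not a bare identifier as high confidence and falls back to keyword matching, as a low-confidence signal, for the other parameters where no structural rule exists.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined-log-format line: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A legitimate table name is a bare identifier; anything else in 'table' is a high-confidence hit.
IDENTIFIER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
# Keyword rule, used only where no structural rule exists; on its own it is noisy.
SQL_KEYWORD_RE = re.compile(r"\b(union|select|insert|update|delete|sleep|benchmark)\b|--|/\*", re.I)

# Constructed sample traffic (not real logs). Lines 3 and 4 carry injection attempts,
# line 2 is a legitimate table whose name contains a SQL keyword, line 6 is out of scope.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:12:00:01 +0000] "POST /admin/ajax?table=category HTTP/1.1" 200 52
203.0.113.5 - - [10/Mar/2021:12:00:02 +0000] "POST /admin/ajax?table=select_log HTTP/1.1" 200 52
198.51.100.7 - - [10/Mar/2021:12:00:03 +0000] "POST /admin/ajax?table=category%20WHERE%200%20UNION%20SELECT%20id%2Cusername%2Cpassword%20FROM%20admin HTTP/1.1" 200 318
198.51.100.9 - - [10/Mar/2021:12:00:04 +0000] "POST /admin/ajax?table=category%60%3B-- HTTP/1.1" 500 0
192.0.2.44 - - [10/Mar/2021:12:00:05 +0000] "GET /admin/ajax?table=category&keyword=union+select HTTP/1.1" 200 52
203.0.113.9 - - [10/Mar/2021:12:00:06 +0000] "GET /index/search?table=x%20y HTTP/1.1" 200 10
"""


def inspect_target(target):
    """Return (severity, reason) findings for one request target; [] if clean or out of scope."""
    parts = urlsplit(target)
    if "/admin/ajax" not in parts.path.lower():
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes the values
    findings = []
    for value in params.get("table", []):
        if not IDENTIFIER_RE.fullmatch(value):
            findings.append(("high", f"table={value!r} is not a bare identifier"))
    for name, values in params.items():
        if name == "table":
            continue  # the structural rule above is stronger than keyword matching
        for value in values:
            if SQL_KEYWORD_RE.search(value):
                findings.append(("low", f"SQL keyword in {name}={value!r}"))
    return findings


def scan_logs(lines):
    """Parse access-log lines and return one record per finding, in log order."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for severity, reason in inspect_target(m["target"]):
            results.append({"ip": m["ip"], "time": m["ts"], "severity": severity, "reason": reason})
    return results


if __name__ == "__main__":
    for r in scan_logs(SAMPLE_LOG.splitlines()):
        print(f"[{r['severity']}] {r['time']} {r['ip']}: {r['reason']}")
```

Note that the second line, table=select_log, produces no finding even though a keyword rule would flag it, while the fourth line is caught although it contains no SQL keyword at all. Access logs only show query strings; if the admin Ajax calls carry the 'table' value in a POST body, the same inspect_target logic has to be fed from WAF or application logs that record the body parameters.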