CVE-2020-21725

9.8 CRITICAL

📋 TL;DR

OpenSNS v6.1.0 contains a blind SQL injection vulnerability in the ChinaCityController component via the pid parameter. This allows attackers to execute arbitrary SQL commands on the database without authentication. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • OpenSNS
Versions: v6.1.0
Operating Systems: All platforms running OpenSNS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE chaining.

🟠 Likely Case: Database information disclosure, data manipulation, or potential privilege escalation.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible without authentication, making internet-facing systems prime targets.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but have reduced attack surface compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Blind SQL injection requires time-based or boolean techniques but is well-documented. Public proof-of-concept exists in GitHub references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check for official OpenSNS patches or updates.
2. If unavailable, implement the temporary workarounds below.
3. Manually patch the vulnerable file by adding proper input validation and parameterized queries.

🔧 Temporary Workarounds

Input Validation Filter (Platform: all)

Add server-side validation to ensure the pid parameter contains only numeric values: modify /Controller/ChinaCityController.class.php to validate pid before processing, and reject any value that is not a plain integer.
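To make the two-step mitigation concrete (reject anything that is not a plain integer, then hand the value to the database as a bound parameter instead of SQL text), here is an added example written for this page. It is not OpenSNS code: the table, column names and lookup functions are constructed stand-ins, and it uses Python with an in-memory SQLite database so it runs anywhere. In the PHP controller the same pattern is an integer allow-list check followed by a prepared statement.

```python
import re
import sqlite3

# ASCII digits only; str.isdigit() would also accept other Unicode digit characters.
INTEGER_RE = re.compile(r"[0-9]+")


def make_db():
    """Create an in-memory table with constructed sample rows (a stand-in for the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE city (id INTEGER PRIMARY KEY, pid INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO city VALUES (?, ?, ?)",
        [(1, 1, "North District"), (2, 1, "South District"), (3, 2, "Harbour")],
    )
    return conn


def children_unsafe(conn, pid):
    """Vulnerable pattern (illustrative, not OpenSNS code): the request value is spliced into
    the SQL text, so a crafted pid changes the query instead of being compared as data."""
    sql = f"SELECT name FROM city WHERE pid = {pid} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def children_safe(conn, pid):
    """Hardened pattern: allow-list pid as an integer string, then bind it as a parameter.
    Anything else is rejected before any SQL is built."""
    if not isinstance(pid, str) or not INTEGER_RE.fullmatch(pid):
        raise ValueError("pid must be a non-negative integer")
    sql = "SELECT name FROM city WHERE pid = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (int(pid),))]


def is_rejected(conn, pid):
    """True if the hardened lookup refuses the value; used to verify the allow-list."""
    try:
        children_safe(conn, pid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(children_unsafe(db, "1"))          # the intended lookup
    print(children_unsafe(db, "1 OR 1=1"))   # the spliced condition widens the query to every row
    print(children_safe(db, "1"))
    print("rejected:", is_rejected(db, "1 OR 1=1"))
```

The allow-list check is what the workaround above asks for; the bound parameter is what the official fix asks for. Together they mean a non-integer value never reaches the query, and an integer value can only ever be compared, not interpreted.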

Web Application Firewall Rule (Platform: all)

Block SQL injection patterns in requests to ChinaCityController: add a WAF rule that denies requests to *ChinaCityController* containing SQL keywords such as UNION, SELECT, INSERT, etc. Treat this as a stopgap rather than a fix: keyword blocklists can be evaded by encoding and rewriting, so the numeric validation of pid above remains the primary control.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the vulnerable endpoint
  • Deploy a web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the OpenSNS version is 6.1.0 and whether /Controller/ChinaCityController.class.php exists without proper input validation for the pid parameter.

Check Version:

Check OpenSNS configuration files or admin panel for version information

Verify Fix Applied:

Test the vulnerable endpoint with SQL injection payloads and verify they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple requests to ChinaCityController with suspicious pid parameters
  • Time-delayed responses indicating blind SQL injection

Network Indicators:

  • HTTP requests to */Controller/ChinaCityController.class.php* with SQL injection patterns in parameters
  • Unusual database query patterns from application server

SIEM Query:

source="web_logs" AND uri="*ChinaCityController*" AND (param="*pid=*UNION*" OR param="*pid=*SELECT*" OR param="*pid=*SLEEP*")

The field names (source, uri, param) are illustrative and should be mapped to your SIEM's schema. Because keyword matching misses encoded or obfuscated payloads, pair it with an alert on any non-numeric pid value and on unusually slow responses from the ChinaCityController endpoint.
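The log and SIEM indicators above, as an added example that is not part of the original advisory: a small Python scanner over constructed log lines that applies the same checks (non-numeric pid, SQL keywords in pid, a slow response suggesting a time-based probe, a 5xx status suggesting a SQL error) and raises an alert when one client trips them repeatedly. The log field layout and the request route containing ChinaCityController are assumptions made for the example; the real OpenSNS route is not given on this page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (not real OpenSNS traffic). The field layout and the
# route /index.php?c=ChinaCityController&... are assumptions made for this example.
# Fields: client_ip timestamp "METHOD URI" status response_ms
SAMPLE_LOGS = """\
203.0.113.5 2024-01-01T10:00:00Z "GET /index.php?c=ChinaCityController&a=getCity&pid=12" 200 18
203.0.113.5 2024-01-01T10:00:01Z "GET /index.php?c=ChinaCityController&a=getCity&pid=12%20AND%20SLEEP(5)" 200 5012
203.0.113.5 2024-01-01T10:00:07Z "GET /index.php?c=ChinaCityController&a=getCity&pid=12%27%20UNION%20SELECT%201--" 500 20
203.0.113.5 2024-01-01T10:00:08Z "GET /index.php?c=ChinaCityController&a=getCity&pid=12%20AND%201=1" 200 17
198.51.100.7 2024-01-01T10:00:08Z "GET /index.php?c=ChinaCityController&a=getCity&pid=7" 200 15
198.51.100.7 2024-01-01T10:00:09Z "GET /index.php?c=UserController&a=profile&uid=3%20UNION%20SELECT%201" 200 12
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" (?P<status>\d{3}) (?P<ms>\d+)$'
)
# Keywords from the advisory's WAF rule and SIEM query, plus AND/OR for boolean-blind probes.
SQL_KEYWORD_RE = re.compile(r"\b(UNION|SELECT|INSERT|SLEEP|AND|OR)\b", re.IGNORECASE)
INTEGER_RE = re.compile(r"[0-9]+")  # what a legitimate pid should look like


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ms"] = int(rec["ms"])
    parts = urlsplit(rec["uri"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so encoded payloads are inspected in clear form.
    rec["params"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def analyze_request(rec, slow_ms=3000):
    """Return the indicator names this request triggers (empty list if nothing is suspicious)."""
    reasons = []
    # Only the ChinaCityController endpoint is in scope for this CVE.
    if "ChinaCityController" not in rec["uri"]:
        return reasons
    pid = rec["params"].get("pid")
    if pid is None:
        return reasons
    if not INTEGER_RE.fullmatch(pid):
        reasons.append("non_numeric_pid")      # the workaround's allow-list, applied to logs
    if SQL_KEYWORD_RE.search(pid):
        reasons.append("sql_keyword_in_pid")   # the SIEM query's keyword match
    if rec["ms"] >= slow_ms:
        reasons.append("slow_response")        # time-delayed response, as for a time-based probe
    if 500 <= rec["status"] < 600:
        reasons.append("server_error")         # SQL errors surfacing as 5xx responses
    return reasons


def scan(log_text, slow_ms=3000, min_hits=2):
    """Group suspicious ChinaCityController requests per client IP and return only the
    clients with at least min_hits of them (the advisory's 'multiple requests' indicator)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = analyze_request(rec, slow_ms)
        if reasons:
            hits[rec["ip"]].append((rec["ts"], rec["params"].get("pid"), reasons))
    return {ip: events for ip, events in hits.items() if len(events) >= min_hits}


if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOGS).items():
        print(f"ALERT {ip}: {len(events)} suspicious ChinaCityController requests")
        for ts, pid, reasons in events:
            print(f"  {ts} pid={pid!r} -> {', '.join(reasons)}")
```

Decoding the query string before matching is the point that the plain SIEM wildcard misses: the keyword checks run on the decoded pid value, and the non-numeric check catches probes that use no keyword at all. The 5xx and slow-response signals need no payload knowledge, which makes them the most robust of the four.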
