CVE-2020-28102

9.8 CRITICAL

📋 TL;DR

CVE-2020-28102 is a critical SQL injection vulnerability in cscms v4.1 that allows attackers to execute arbitrary SQL commands via the 'js_del' function. This affects all deployments running cscms v4.1, potentially compromising database integrity and confidentiality. Attackers can manipulate SQL queries to access, modify, or delete sensitive data.

💻 Affected Systems

Products:
  • cscms
Versions: v4.1
Operating Systems: All platforms running cscms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of cscms v4.1 are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data destruction, and potential remote code execution through database functions.

🟠 Likely Case: Unauthorized data access and manipulation, potentially leading to credential theft, privilege escalation, and data corruption.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place, though the underlying vulnerability remains.

🌐 Internet-Facing: HIGH - Web applications are directly exposed to internet-based attacks.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have access to the application interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via js_del function requires some level of access but is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.2 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/9

Restart Required: Yes

Instructions:

1. Back up the current installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the web server.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement strict input validation for the js_del parameter to block SQL injection attempts.

Modify the js_del function to use parameterized queries instead of building SQL from the raw parameter value.

WAF Rule Implementation (all)

Deploy web application firewall rules to detect and block SQL injection patterns.

Configure the WAF to block requests containing SQL keywords in the js_del parameter.

🧯 If You Can't Patch

  • Implement network segmentation to isolate cscms from critical systems
  • Enable detailed logging and monitoring for SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check if running cscms v4.1 by examining version files or admin panel

Check Version:

Check cscms version in admin panel or examine version.txt file

Verify Fix Applied:

Verify version is v4.2 or later and test js_del function with SQL injection test payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts
  • Unexpected database operations

Network Indicators:

  • HTTP requests with SQL keywords in js_del parameter
  • Abnormal database connection patterns

SIEM Query:

source="web_logs" AND (js_del CONTAINS "UNION" OR js_del CONTAINS "SELECT" OR js_del CONTAINS "INSERT")
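An added example, not taken from the page or from the cscms project, that applies the same keyword check as the SIEM query above to constructed Apache-style access-log lines. The request path and sample values are placeholders, and because standard access logs record only the query string, this covers GET parameters and not POST bodies.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Keywords taken from the page's SIEM query; matched case-insensitively after URL decoding.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Request field of a combined-format access log: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def js_del_values(log_line):
    """Return the URL-decoded js_del values found in the request line (empty if none)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("js_del", [])
    # parse_qs decodes once; decode again so single-level double encoding (%2520) cannot hide keywords.
    return [unquote_plus(v) for v in values]


def is_suspicious(log_line):
    """True if any js_del value in the line contains one of the SQL keywords."""
    return any(KEYWORD_RE.search(v) for v in js_del_values(log_line))


def scan(log_lines):
    """Return the lines whose js_del parameter carries SQL keywords."""
    return [line for line in log_lines if is_suspicious(line)]


# Constructed sample log lines; the path and IPs are placeholders, not real cscms traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Dec/2020:10:00:01 +0000] "GET /index.php?js_del=12 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Dec/2020:10:00:07 +0000] "GET /index.php?js_del=1%20UNION%20SELECT%201 HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Dec/2020:10:00:09 +0000] "GET /index.php?js_del=1%2520union%2520select%25201 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Dec/2020:10:00:11 +0000] "GET /index.php?q=select+a+theme HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

Only the js_del parameter is inspected, so a legitimate search term containing "select" in another parameter (last sample line) is not flagged.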

🔗 References
