CVE-2020-35337

9.8 CRITICAL

📋 TL;DR

CVE-2020-35337 is a SQL injection vulnerability in ThinkSAAS CMS that allows authenticated attackers to execute arbitrary SQL commands via the title parameter in the admin topic management interface. This affects ThinkSAAS installations before version 3.38. Attackers with admin access can potentially compromise the database and underlying server.

💻 Affected Systems

Products:
  • ThinkSAAS
Versions: All versions before 3.38
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin authentication to access the vulnerable endpoint at app/topic/action/admin/topic.php

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, and potential remote code execution on the underlying server through database functions.

🟠 Likely Case

Database information disclosure, data manipulation, and potential administrative account takeover.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.38

Vendor Advisory: https://github.com/thinksaas/ThinkSAAS/issues/24

Restart Required: No

Instructions:

1. Download ThinkSAAS version 3.38 or later from official sources.
2. Back up the current installation and database.
3. Replace the vulnerable files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (all)

Add server-side validation to sanitize the title parameter: modify app/topic/action/admin/topic.php so the title value is validated and bound as a query parameter rather than concatenated into the SQL string before execution.

WAF Rule (all)

Implement web application firewall rules to block SQL injection patterns: add a rule that inspects POST parameters sent to the admin topic endpoint and blocks requests carrying SQL injection attempts.
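The following is an added illustration of the workaround, not ThinkSAAS code and not taken from the vendor advisory: the vulnerable pattern this CVE describes (request value concatenated into SQL text) next to a hardened version that validates the title and binds it as a query parameter. It assumes a PDO connection and a table named topic with id and title columns; ThinkSAAS's real database layer, schema and function names are not shown on this page, so every name here is an assumption. The demo runs against an in-memory SQLite database with constructed data.

```php
<?php
// Added illustration, not ThinkSAAS code. Assumes a PDO handle and a table
// named "topic" with columns id and title (both constructed for this example).
declare(strict_types=1);

// BEFORE (the defect class this CVE describes): the request value is spliced
// into the SQL text, so any quote character in it changes the query itself.
function updateTitleUnsafe(PDO $db, int $id, string $title): int
{
    $sql = "UPDATE topic SET title = '" . $title . "' WHERE id = " . $id;
    return $db->exec($sql);
}

// AFTER: reject values outside the expected shape, then bind the value as a
// parameter so the database only ever treats it as data, never as SQL.
function validateTitle(string $title): string
{
    $title = trim($title);
    if ($title === '' || strlen($title) > 200) {   // byte length limit, assumed policy
        throw new InvalidArgumentException('title must be 1-200 bytes');
    }
    return $title;
}

function updateTitleSafe(PDO $db, int $id, string $title): int
{
    $stmt = $db->prepare('UPDATE topic SET title = :title WHERE id = :id');
    $stmt->bindValue(':title', validateTitle($title), PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topic (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$db->exec("INSERT INTO topic (id, title) VALUES (1, 'old title')");

// A perfectly legitimate title that happens to contain quote characters.
$input = "O'Brien's guide";

try {
    updateTitleUnsafe($db, 1, $input);
} catch (PDOException $e) {
    // The quotes broke the query: the same mechanism an attacker abuses.
    echo "unsafe: query failed on a quote character: " . $e->getMessage() . "\n";
}

echo "safe: rows updated = " . updateTitleSafe($db, 1, $input) . "\n";
$stored = $db->query('SELECT title FROM topic WHERE id = 1')->fetchColumn();
echo "stored title: " . $stored . "\n";   // stored verbatim, quotes included
```

Run it with `php example.php` (needs the pdo_sqlite extension). The point of the demo is that the unsafe function fails on an ordinary apostrophe, which is exactly why concatenation cannot be fixed by blacklisting keywords: the parameterized form stores the same input verbatim, and the length check in validateTitle is an independent sanity limit, not the injection defence.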

🧯 If You Can't Patch

  • Restrict access to admin interface to trusted IP addresses only
  • Implement database user with minimal privileges for the application

🔍 How to Verify

Check if Vulnerable:

Check the ThinkSAAS version in the admin panel or by examining the source files. If the version is below 3.38, the system is vulnerable.

Check Version:

Check admin panel or examine ThinkSAAS configuration files for version information

Verify Fix Applied:

Verify that the version is 3.38 or later and test the title parameter with SQL injection payloads, which should be blocked.

📡 Detection & Monitoring

Log Indicators:

  • SQL error messages in application logs
  • Unusual database queries from admin interface
  • Multiple failed login attempts followed by SQL injection patterns

Network Indicators:

  • POST requests to /app/topic/action/admin/topic.php with SQL keywords in parameters
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND uri="/app/topic/action/admin/topic.php" AND (title CONTAINS "UNION" OR title CONTAINS "SELECT" OR title CONTAINS "INSERT" OR title CONTAINS "DELETE")
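An added example, not part of the advisory, that applies the logic of the SIEM query and the network indicators above to sample log lines. It assumes an application log written as JSON lines that records the method, URI, authenticated user, source address and the POST parameters; the field names (uri, method, user, src_ip, params) and the sample entries are constructed for this example. The match uses word boundaries so that ordinary titles containing "selection" or "deleted" do not fire, which the substring CONTAINS form of the query above would.

```php
<?php
// Added detection example, not part of the advisory. Log format and field
// names are assumptions; the sample lines below are constructed.
declare(strict_types=1);

const VULN_URI = '/app/topic/action/admin/topic.php';

// Keywords from the SIEM query, case-insensitive, matched as whole words.
const SQL_KEYWORD_RE = '/\b(UNION|SELECT|INSERT|DELETE)\b/i';

function isSuspiciousTitle(string $title): bool
{
    return preg_match(SQL_KEYWORD_RE, $title) === 1;
}

/** Scans JSON log lines; returns one alert per POST to the endpoint whose
 *  title parameter contains a SQL keyword. */
function scanLog(array $lines): array
{
    $alerts = [];
    foreach ($lines as $n => $line) {
        $event = json_decode($line, true);
        if (!is_array($event)) {
            continue;                               // malformed line, skip it
        }
        if (($event['method'] ?? '') !== 'POST' || ($event['uri'] ?? '') !== VULN_URI) {
            continue;                               // only the vulnerable endpoint
        }
        $title = (string)($event['params']['title'] ?? '');
        if (isSuspiciousTitle($title)) {
            $alerts[] = [
                'line'  => $n + 1,
                'user'  => $event['user'] ?? 'unknown',
                'src'   => $event['src_ip'] ?? 'unknown',
                'title' => $title,
            ];
        }
    }
    return $alerts;
}

// Constructed sample log lines: a benign title that contains "selection",
// a title carrying SQL keywords, a GET that never reaches the vulnerable
// code path, and a corrupt line.
$sample = [
    '{"ts":"2021-01-05T10:00:01Z","src_ip":"203.0.113.5","user":"admin","method":"POST","uri":"/app/topic/action/admin/topic.php","params":{"title":"Weekly selection of posts"}}',
    '{"ts":"2021-01-05T10:00:07Z","src_ip":"203.0.113.5","user":"admin","method":"POST","uri":"/app/topic/action/admin/topic.php","params":{"title":"UNION SELECT probe"}}',
    '{"ts":"2021-01-05T10:01:00Z","src_ip":"198.51.100.9","user":"editor","method":"GET","uri":"/app/topic/action/admin/topic.php","params":{}}',
    'not json at all',
];

foreach (scanLog($sample) as $a) {
    printf("ALERT line %d: user=%s src=%s title=%s\n", $a['line'], $a['user'], $a['src'], $a['title']);
}
// Only the second line raises an alert.
```

Because the endpoint requires an admin session, every hit names an authenticated account; correlate the alert with that account's recent logins (the "multiple failed login attempts" indicator above) to tell a compromised admin from a careless one, and expect to tune the keyword list, since titles in a CMS legitimately contain English words.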

🔗 References
