CVE-2021-25206

9.8 CRITICAL

📋 TL;DR

An attacker who can reach the product upload function of SourceCodester Responsive Ordering System v1.0 can upload arbitrary files through the handling code in Product_model.php. Because the file type is not restricted, a server-side script (for example a PHP webshell) can be stored and then executed, giving remote code execution on the web server. Every deployment of this version is affected, and the CVSS score of 9.8 rates it critical.

💻 Affected Systems

Products:
  • SourceCodester Responsive Ordering System
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a PHP environment with file uploads enabled, which is PHP's default (file_uploads=On)

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution as the web-server user, followed by full control of the host, theft of the application's data, and lateral movement to other systems reachable from the server.

🟠 Likely Case

A webshell is uploaded and used for data theft, defacement, or as a foothold for further attacks.

🟢 If Mitigated

Uploads are limited to an allowlist of image types, stored under server-chosen names, and served from a location where the web server does not execute scripts, so a malicious file cannot run while normal product image uploads keep working.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated session with access to the product upload function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Migrate to maintained software, or apply the workarounds below and treat the application as untrusted until it is replaced.

🔧 Temporary Workarounds

File Upload Restriction (applies to: all)

Enforce strict server-side validation on every upload: accept only an allowlist of extensions, check the file contents rather than the client-supplied Content-Type (which the attacker controls), store the file under a server-generated name, and serve uploads from a directory where the web server does not execute scripts.

Modify Product_model.php to apply these checks before the file is moved into the upload directory.
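The following is an added example of such a check, not the project's own Product_model.php code: a hardened upload step written as a standalone PHP function. The function name, the image allowlist, the 2 MiB size cap, the form field name and the upload directory are assumptions for illustration.

```php
<?php
// Added example, not the project's own Product_model.php: a hardened
// upload step written as a standalone function. The function name, the
// image allowlist, the 2 MiB size cap and the upload directory are
// assumptions for illustration.

declare(strict_types=1);

/**
 * Validate one entry of $_FILES as a product image and move it into place.
 * Returns the stored path, or null if any check fails. Nothing supplied by
 * the client (filename, Content-Type) decides the outcome on its own.
 */
function validate_product_image(array $file, string $uploadDir): ?string
{
    // Allowed extension => MIME type the file bytes must actually have.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    $maxBytes = 2 * 1024 * 1024; // assumed cap

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null; // PHP reported an upload error or no file
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null; // not a file that arrived via this HTTP request
    }
    if ((int) $file['size'] > $maxBytes) {
        return null;
    }

    // Only the final extension counts, lower-cased: "shell.jpg.php" yields
    // "php" and is rejected; "shell.php.jpg" yields "jpg" and goes on to the
    // content checks below. pathinfo() also discards any directory part.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }

    // Sniff the real content; $_FILES[...]['type'] is attacker-controlled.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return null;
    }

    // Require the bytes to decode as an image of the claimed kind.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $allowed[$ext]) {
        return null;
    }

    // Server-chosen random name: the client's filename never touches disk,
    // so double extensions and path tricks cannot survive this point.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $dest;
}

// Usage inside the upload handler (form field name "image" is assumed):
// $stored = validate_product_image($_FILES['image'], __DIR__ . '/uploads');
// if ($stored === null) { http_response_code(400); exit('invalid image'); }
```

The allowlist stops .php names, the content sniff stops a plain script renamed to .jpg, and the server-chosen filename removes double-extension and path tricks. A polyglot image with PHP in a comment still passes, which is why the upload directory must also be configured so the web server never executes scripts from it.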

Web Application Firewall (applies to: all)

Deploy WAF rules to block malicious file upload patterns.

Configure the WAF to reject multipart uploads whose filename ends in a server-side script extension (php, phtml, phar and similar) or carries a double extension, and whose body contains a PHP open tag. Treat this as a stopgap only: case changes, encoding tricks and polyglot files can slip past content inspection, so the server-side fix above is still needed.

🧯 If You Can't Patch

  • Isolate the system in a restricted network segment
  • Implement strict access controls, disable script execution in the upload directory, and monitor all file upload activity

🔍 How to Verify

Check if Vulnerable:

Confirm the deployment is Responsive Ordering System v1.0, then, in a test environment, try to upload a harmless text file named with a server-side script extension (for example test.php) through the product upload function and check whether it is accepted and lands in the upload directory.

Check Version:

Check application files or documentation for version information

Verify Fix Applied:

Repeat the test upload with a .php file and with double-extension names (test.php.jpg, test.jpg.php) and confirm each is rejected; also confirm that a file placed in the upload directory with a .php name is not executed when requested through the web server.

📡 Detection & Monitoring

Log Indicators:

  • Upload requests handled by Product_model.php (it is the server-side file that processes the upload; if the application routes requests through a front controller, match on the actual upload URI instead)
  • Files with executable extensions (php, phtml, phar and similar) appearing in the upload directory

Network Indicators:

  • HTTP POST requests with multipart/form-data bodies to the product upload endpoint
  • Subsequent requests to files under the upload directory, especially ones with script extensions or command-style query strings such as ?cmd=

SIEM Query:

source="web_logs" method="POST" uri="/Product_model.php" file_extension IN ("php", "phtml", "phar", "jsp", "asp", "aspx")

Adjust uri to the application's real upload route and file_extension to whatever field your log source populates; a second search for GET requests whose uri sits under the upload directory and ends in a script extension catches the follow-up access to the webshell.
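As an added example, not part of the original page, the same two indicators expressed as a script over constructed access-log lines: an upload POST and a later request for a script inside the upload directory, correlated by client address. The Apache combined log format, the upload directory "/uploads/" and the endpoint pattern are assumptions, and the sample lines are constructed, not real traffic.

```php
<?php
// Added example, not part of the original page: scan Apache combined-format
// access-log lines for the two indicators above, an upload POST and a later
// request for a script inside the upload directory. The log format, the
// upload directory "/uploads/" and the endpoint pattern are assumptions;
// the sample lines are constructed for this example, not real traffic.

declare(strict_types=1);

const LINE_RE    = '/^(?<ip>\S+) \S+ (?<user>\S+) \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<uri>\S+) [^"]*" (?<status>\d{3})/';
const EXEC_EXT   = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'jsp', 'asp', 'aspx'];
const UPLOAD_DIR = '/uploads/';  // assumed: where product images are stored
const UPLOAD_EP  = '/product';   // assumed: route that invokes the Product_model.php upload

function sample_log(): string
{
    // Constructed lines: one benign page view, one upload POST, one request
    // for a script in the upload dir, one benign image fetch.
    return <<<'LOG'
203.0.113.7 - - [10/Mar/2021:14:02:11 +0000] "GET /index.php/product HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - admin [10/Mar/2021:14:02:40 +0000] "POST /index.php/product/save HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:14:02:45 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:14:05:01 +0000] "GET /uploads/product_12.jpg HTTP/1.1" 200 40231 "-" "Mozilla/5.0"
LOG;
}

function parse_line(string $line): ?array
{
    if (!preg_match(LINE_RE, $line, $m)) {
        return null; // not a combined-format line
    }
    $path = parse_url($m['uri'], PHP_URL_PATH); // strip the query string
    return [
        'ip'     => $m['ip'],
        'user'   => $m['user'],
        'time'   => $m['time'],
        'method' => $m['method'],
        'path'   => is_string($path) ? $path : $m['uri'],
        'status' => (int) $m['status'],
    ];
}

function is_script_in_upload_dir(string $path): bool
{
    if (strpos($path, UPLOAD_DIR) !== 0) {
        return false;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, EXEC_EXT, true);
}

/**
 * Return human-readable findings, tying each follow-up GET to the most
 * recent upload POST seen from the same client address.
 */
function find_indicators(string $log): array
{
    $findings = [];
    $lastPost = []; // ip => timestamp of its last POST to the upload endpoint
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $e = parse_line($line);
        if ($e === null) {
            continue;
        }
        if ($e['method'] === 'POST' && strpos($e['path'], UPLOAD_EP) !== false) {
            $lastPost[$e['ip']] = $e['time'];
            $findings[] = "upload POST from {$e['ip']} (user {$e['user']}) to {$e['path']} at {$e['time']}";
        }
        if ($e['method'] === 'GET' && is_script_in_upload_dir($e['path'])) {
            $msg = "script requested in upload dir: {$e['path']} from {$e['ip']} (HTTP {$e['status']})";
            if (isset($lastPost[$e['ip']])) {
                $msg .= ", same client POSTed an upload at {$lastPost[$e['ip']]}";
            }
            $findings[] = $msg;
        }
    }
    return $findings;
}

foreach (find_indicators(sample_log()) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run it with php on a real log by replacing sample_log() with file_get_contents() of the access log; the benign image fetch and the plain page view produce nothing, while the POST and the later shell.php request are reported, the latter linked back to the POST from the same address.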
