CVE-2021-26231

9.8 CRITICAL

📋 TL;DR

CVE-2021-26231 is a critical SQL injection vulnerability in Fantastic Blog CMS v1.0 that allows remote attackers to execute arbitrary SQL commands via the id parameter in category.php. This affects all deployments of this specific CMS version. Attackers can potentially read, modify, or delete database content.

💻 Affected Systems

Products:
  • SourceCodester Fantastic Blog CMS
Versions: v1.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of Fantastic Blog CMS v1.0 regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case: Database information disclosure, data manipulation, and potential privilege escalation within the application.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication via web requests.
🏢 Internal Only: MEDIUM - Still exploitable by internal users or attackers who gain internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via GET/POST parameters is well-understood and easily weaponized. Public proof-of-concept exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative CMS solutions or implementing custom fixes with parameterized queries.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation so the id parameter is rejected unless it is a plain integer before it reaches the query.

Modify category.php to validate the parameter before use, e.g. $id = filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT); and abort the request when this returns false. Casting with $id = intval($_GET['id']); also neutralizes the injection, but it silently turns a malicious value such as 1' OR '1'='1 into 1 instead of rejecting it, so validation is preferable. Either way this is a stopgap; the proper fix is a parameterized query.

Web Application Firewall (WAF) (applies to: all)

Deploy WAF rules to block SQL injection patterns.

Configure the WAF to block SQL injection patterns in GET/POST parameters, in particular requests to category.php whose id parameter is not purely numeric.
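The following is an added example, not code from Fantastic Blog CMS, showing the input validation workaround above combined with the parameterized query recommended under Official Fix. It assumes a table named categories with id and name columns and uses an in-memory SQLite database as a stand-in for the CMS database; those names and rows are constructed for the demo.

```php
<?php
declare(strict_types=1);

/** Return the id as an integer, or null if it is not a plain positive integer. */
function validatedCategoryId(array $get): ?int
{
    // FILTER_VALIDATE_INT rejects "1' OR '1'='1", "1 UNION SELECT ...", "",
    // and array values such as id[]=1. intval() would turn "1' OR '1'='1"
    // into 1, which hides the attempt instead of rejecting it.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one category by id with a bound parameter, never string concatenation. */
function fetchCategory(PDO $pdo, int $id): ?array
{
    // Pattern being replaced (assumed shape of the vulnerable query, for contrast):
    //   "SELECT * FROM categories WHERE id = " . $_GET['id']
    // With a prepared statement the id is sent as data, so the SQL structure
    // cannot be altered even if validation were bypassed.
    $stmt = $pdo->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the CMS database (table and rows are placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO categories VALUES (1, 'News'), (2, 'Security')");

// Simulated requests: the page's verification payload and a benign id.
foreach (["1' OR '1'='1", '2'] as $raw) {
    $id = validatedCategoryId(['id' => $raw]);
    if ($id === null) {
        // In category.php this is where http_response_code(400) belongs.
        echo "rejected: {$raw}\n";
        continue;
    }
    $row = fetchCategory($pdo, $id);
    echo "id {$id}: " . ($row['name'] ?? 'not found') . "\n";
}
```

Running it prints a rejection for the injection payload and the row for id 2; the validation step alone already stops the page's test payload, and the prepared statement removes the injection class entirely.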

🧯 If You Can't Patch

  • Isolate the CMS instance behind a reverse proxy with strict input validation
  • Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Test by accessing category.php with SQL injection payload: /category.php?id=1' OR '1'='1

Check Version:

Check CMS version in admin panel or readme files

Verify Fix Applied:

Test with the same payload; the request should be rejected (an error or no data) rather than executed as SQL.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web logs
  • Multiple requests to category.php with special characters in id parameter

Network Indicators:

  • HTTP requests containing SQL keywords (UNION, SELECT, etc.) in URL parameters

SIEM Query:

web.url:*category.php* AND (web.param.id:*'* OR web.param.id:*UNION* OR web.param.id:*SELECT*)
