CVE-2021-28142

8.8 HIGH

📋 TL;DR

CVE-2021-28142 is a SQL injection vulnerability in the autocomplete filter feature of CITSmart ITSM. A user with a valid CITSmart login can supply SQL through the filter input and have it executed against the application's database. All CITSmart versions before 9.1.2.28 are affected.

💻 Affected Systems

Products:
  • CITSmart ITSM
Versions: All versions before 9.1.2.28
Operating Systems: All platforms running CITSmart
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the autocomplete filter feature specifically. All deployments with this feature enabled are vulnerable.

📦 What is this software?

CITSmart ITSM is an IT service management (ITSM) platform. The vendor publishes its documentation, including the release notes linked under Fix & Mitigation, at docs.citsmart.com; the linked advisory page is in Portuguese.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the CITSmart database: theft, modification or deletion of ITSM data and, depending on the database engine and the privileges of the application's database account, code execution on the database server.

🟠

Likely Case

Read access to data the logged-in user is not entitled to, including credential hashes, tickets and other business data, and privilege escalation within the application through modified records.

🟢

If Mitigated

Limited impact once the patched version, which fixes the vulnerable query, is deployed or, before that, where the application's database account holds only the privileges CITSmart needs and the autocomplete endpoint is shielded by a WAF and reachable only by trusted users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (a valid CITSmart account is required)
Complexity: LOW

A working exploit is published on Packet Storm Security. A valid CITSmart login is required; once logged in, injecting through the autocomplete filter is straightforward, so any user who can reach the application, including a compromised low-privilege account, can exploit it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.2.28 or later

Vendor Advisory: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html

Restart Required: Yes

Instructions:

1. Back up your CITSmart installation and database.
2. Download version 9.1.2.28 or later from official CITSmart sources.
3. Follow the CITSmart upgrade documentation.
4. Restart the application services.
5. Verify the fix by checking the reported version and testing the autocomplete filter.

🔧 Temporary Workarounds

Disable Autocomplete Filter

Applies to: all platforms

Turn off the autocomplete filter feature until the upgrade can be scheduled, if your deployment allows the feature to be disabled. If it cannot, block the autocomplete endpoint at the reverse proxy for everyone except the users who need it. Re-enable it only after upgrading.

Web Application Firewall Rules

Applies to: all platforms

Deploy WAF rules in front of CITSmart that inspect the URL-decoded parameters of requests to the autocomplete endpoint for SQL injection patterns: a quote followed by OR/AND/UNION, UNION SELECT, comment terminators, stacked statements and time-delay functions. Tune the rules against legitimate free-text searches first, since names such as O'Brien contain a quote and words such as "select" occur in ordinary text.

🧯 If You Can't Patch

  • You cannot change the vendor's query code, so reduce who can reach the vulnerable endpoint: limit CITSmart accounts to trusted staff, require VPN or SSO for access, and block the autocomplete endpoint at the reverse proxy for everyone else.
  • Run CITSmart against a database account that holds only the privileges it needs (no DDL, no file or operating-system functions, no access to other schemas), and segment the database server so that a compromised application account cannot reach other systems.

🔍 How to Verify

Check if Vulnerable:

Read the installed version from the CITSmart admin interface. Any version below 9.1.2.28 is vulnerable. Compare the version components numerically: 9.1.2.3 is older than 9.1.2.28 even though it sorts after it as a string.

Check Version:

Check via CITSmart admin dashboard or application configuration files.
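The version comparison above is easy to get wrong with a string compare, so here is a small checker, added here as an example and not part of the page or of CITSmart itself. It assumes only that the version string read from the dashboard or configuration file contains a dotted numeric version such as 9.1.2.27; the fixed version 9.1.2.28 is taken from the advisory.

```python
import re

FIXED_VERSION = "9.1.2.28"  # first fixed release per the advisory


def parse_version(text):
    """Extract the first dotted numeric version from free text, e.g. a
    dashboard string such as 'CITSmart Platform 9.1.2.27', and return it
    as a tuple of ints. Raises ValueError if no version is present."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the installed version is below the fixed version.

    Components are compared numerically, so 9.1.2.3 < 9.1.2.28 even though
    the string '9.1.2.3' sorts after '9.1.2.28'. Shorter versions are padded
    with zeros, so 9.1.2 is treated as 9.1.2.0 and reported as vulnerable."""
    installed = parse_version(version_text)
    target = parse_version(fixed)
    width = max(len(installed), len(target))

    def pad(v):
        return v + (0,) * (width - len(v))

    return pad(installed) < pad(target)


if __name__ == "__main__":
    for reported in ("9.1.2.3", "CITSmart Platform 9.1.2.27", "9.1.2.28", "9.1.3"):
        print(f"{reported!r}: vulnerable={is_vulnerable(reported)}")
```

Paste the exact string shown by the admin dashboard into is_vulnerable; a result of True means the upgrade is still outstanding.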

Verify Fix Applied:

After upgrading, confirm that the reported version is 9.1.2.28 or later. Then, in a non-production copy and with authorization, replay the payloads from the public PoC against the autocomplete filter and confirm they no longer change the result set or produce database errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed autocomplete requests with SQL syntax
  • Database error messages in application logs

Network Indicators:

  • HTTP requests to autocomplete endpoints whose parameters, after URL decoding, contain SQL keywords, quote-then-keyword sequences, comment terminators or time-delay functions
  • Unusual database connection patterns or query volumes from the application server

SIEM Query:

source="citsmart.logs" "autocomplete" ("UNION" OR "OR 1=1" OR "SELECT" OR "--")

Run the match against URL-decoded requests. "SELECT" and "--" on their own are noisy, so alert on repeated hits from one account or source address rather than on a single match.
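The log and network indicators above can be turned into a concrete detection. The following script is an added example, not code from the page or from CITSmart: it parses combined-format web access logs, URL-decodes the query string of requests to the autocomplete path (the path /citsmart/autocomplete is an assumption, since the advisory only names the feature), applies injection patterns that are narrower than bare keywords, and aggregates hits per source address so that one ambiguous match does not page anyone. The sample log lines are constructed for the example.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Assumed path of the vulnerable feature; the advisory only says "autocomplete
# filter", so adjust this to the path seen in your own access logs.
AUTOCOMPLETE_PATH = re.compile(r"/autocomplete", re.I)

# Injection patterns applied to the URL-decoded query string. Each rule is
# deliberately narrower than a bare keyword ("select", "--") so that ordinary
# free-text searches such as "select a printer" or "O'Brien" do not fire.
SQLI_RULES = {
    "union_select": re.compile(r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b", re.I),
    "tautology": re.compile(r"(?:\bor\b|\|\|)\s*['\"]?\s*\d+\s*=\s*['\"]?\s*\d+", re.I),
    "quote_then_keyword": re.compile(r"['\"]\s*(?:or|and|union|select)\b", re.I),
    "comment_terminator": re.compile(r"--|/\*"),
    "stacked_or_delay": re.compile(
        r";\s*(?:drop|insert|update|delete|exec)\b"
        r"|\b(?:sleep|pg_sleep|waitfor|benchmark)\s*\(", re.I),
}

# Apache/nginx combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def analyse_request(target):
    """Return the names of the SQLI_RULES matched by one request target
    (path plus query string). Non-autocomplete paths always return []."""
    parts = urlsplit(target)
    if not AUTOCOMPLETE_PATH.search(parts.path):
        return []
    decoded = unquote_plus(parts.query)
    # Decode a second time so that double-encoded payloads (%2527 -> %27 -> ')
    # are inspected in the same form the application ultimately sees.
    decoded = unquote_plus(decoded)
    return [name for name, rule in SQLI_RULES.items() if rule.search(decoded)]


def scan_log(lines, threshold=2):
    """Aggregate suspicious autocomplete requests per source IP.

    Returns {ip: {"hits": n, "rules": [...], "errors": n, "alert": bool}}.
    "errors" counts 5xx responses, which often accompany probing because a
    broken query surfaces as a database error. "alert" is set when an IP
    reaches the hit threshold, mirroring the "multiple requests with SQL
    syntax" indicator rather than alerting on a single noisy match."""
    findings = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; count these separately in production
        rules = analyse_request(m["target"])
        if not rules:
            continue
        f = findings.setdefault(m["ip"], {"hits": 0, "rules": set(), "errors": 0})
        f["hits"] += 1
        f["rules"].update(rules)
        if m["status"].startswith("5"):
            f["errors"] += 1
    for f in findings.values():
        f["rules"] = sorted(f["rules"])
        f["alert"] = f["hits"] >= threshold
    return findings


# Constructed sample: two benign searches, one containing a quote, and three
# probes from one address, the last of them double-URL-encoded.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2021:12:00:01 +0000] "GET /citsmart/autocomplete?q=printer HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2021:12:00:05 +0000] "GET /citsmart/autocomplete?q=O%27Brien HTTP/1.1" 200 480',
    '203.0.113.5 - - [10/Mar/2021:12:01:10 +0000] "GET /citsmart/autocomplete?q=x%27%20OR%201%3D1-- HTTP/1.1" 200 9120',
    '203.0.113.5 - - [10/Mar/2021:12:01:14 +0000] "GET /citsmart/autocomplete?q=x%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20users-- HTTP/1.1" 500 233',
    '203.0.113.5 - - [10/Mar/2021:12:01:20 +0000] "POST /citsmart/autocomplete?q=x%2527%2520AND%2520pg_sleep(5)-- HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, finding in scan_log(SAMPLE_LOG).items():
        print(ip, finding)
```

The same rule set is what a WAF in front of the endpoint would apply; running it over historical access logs first shows which legitimate searches would have been blocked and lets you tune the patterns before enforcing them.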
