Login Sign Up

CVE-2021-3021

9.8 CRITICAL
SQL Injection

📋 TL;DR

CVE-2021-3021 is a SQL injection vulnerability in ISPConfig web hosting control panel that allows attackers to execute arbitrary SQL commands. This affects all ISPConfig installations before version 3.2.2. Attackers could potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • ISPConfig
Versions: All versions before 3.2.2
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of ISPConfig before the patched version.

📦 What is this software?

Ispconfig by Ispconfig

View all CVEs affecting Ispconfig →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the ISPConfig database leading to data theft, privilege escalation, and potential server takeover if database credentials allow broader system access.

🟠

Likely Case

Unauthorized database access allowing extraction of sensitive information like user credentials, hosting configurations, and customer data.

🟢

If Mitigated

Limited impact with proper input validation and database permission restrictions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited, and proof-of-concept details have circulated in security communities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.2

Vendor Advisory: https://www.ispconfig.org/blog/ispconfig-3-2-2-released-important-security-update/

Restart Required: No

Instructions:

1. Backup your ISPConfig installation and database. 2. Update to ISPConfig 3.2.2 using the official update instructions. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Input Validation Enhancement

linux

Implement additional input validation for SQL queries in ISPConfig code

Web Application Firewall

all

Deploy a WAF with SQL injection protection rules

🧯 If You Can't Patch

  • Restrict network access to ISPConfig interface to trusted IP addresses only
  • Implement database-level permissions to limit potential damage from SQL injection

🔍 How to Verify

Check if Vulnerable:

Check ISPConfig version via web interface or examine version files in installation directory

Check Version:

grep -r 'version' /usr/local/ispconfig/interface/lib/classes/*.inc.php 2>/dev/null | grep -i version

Verify Fix Applied:

Confirm version is 3.2.2 or later and test SQL injection attempts are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by SQL errors
  • Unexpected database schema changes

Network Indicators:

  • SQL injection payloads in HTTP requests to ISPConfig endpoints
  • Unusual database connection patterns from web server

SIEM Query:

source="web_server_logs" AND (url="*ispconfig*" AND (message="*sql*" OR message="*union*" OR message="*select*"))

📊 Metadata

CVE ID: CVE-2021-3021
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: January 5, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-3021, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)