CVE-2021-40674

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Wuzhi CMS v4.1.0 allows attackers to execute arbitrary SQL commands via the KeyValue parameter in the order administration interface. Attackers can potentially access, modify, or delete database content. This affects all deployments using the vulnerable version of Wuzhi CMS.

💻 Affected Systems

Products:
  • Wuzhi CMS
Versions: v4.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the order administration interface (/coreframe/app/order/admin/index.php).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, privilege escalation to administrative access, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive order data, customer information exposure, and potential administrative account takeover.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only read access to non-sensitive data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin interface, but SQL injection payloads are well-documented and easy to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.1.1 or later

Vendor Advisory: https://github.com/wuzhicms/wuzhicms/issues/198

Restart Required: No

Instructions:

1. Download the latest version from the official repository.
2. Back up the current installation.
3. Replace the vulnerable files with the patched versions.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

Platforms: all

Add input validation to sanitize the KeyValue parameter before it is processed.

Modify coreframe/app/order/admin/index.php to add parameter validation.

Access Restriction

Platforms: all

Restrict access to the vulnerable admin interface using web server rules.

Add IP-based restrictions in .htaccess or the web server configuration.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Restrict database user permissions to minimum required

🔍 How to Verify

Check if Vulnerable:

Check that /coreframe/app/order/admin/index.php exists and that the installed version is 4.1.0.

Check Version:

Check the version.txt file or the version shown in the admin panel.

Verify Fix Applied:

Verify that the version is 4.1.1 or later, then test the KeyValue parameter with SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin interface
  • Suspicious KeyValue parameter values in web logs

Network Indicators:

  • POST requests to /coreframe/app/order/admin/index.php with SQL keywords in parameters

SIEM Query:

web.url:*order/admin/index.php AND (web.param:*UNION* OR web.param:*SELECT* OR web.param:*INSERT* OR web.param:*DELETE*)
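To turn the indicators above into something that can be run over an access log, the following is an added detection script (not part of this advisory or of Wuzhi CMS): it parses common-log-format lines (an assumed log layout), keeps only requests to the advisory's endpoint, and flags decoded parameters that match the keywords in the SIEM query above. The quote/comment markers in the pattern and the sample log lines are constructed here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory for CVE-2021-40674.
VULN_PATH = "/coreframe/app/order/admin/index.php"
VULN_PARAM = "KeyValue"
# Keywords from the SIEM query above; the quote and comment markers are an
# assumption added here because they usually accompany those keywords.
SQLI_RE = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b|'|--|/\*", re.IGNORECASE)
# Apache/nginx common log format (assumed layout of the access log).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_params(query):
    """Return {name: value} for each decoded parameter that matches SQLI_RE."""
    hits = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if SQLI_RE.search(value):
                hits[name] = value
    return hits

def scan_line(line):
    """Return a finding for one access-log line, or None if nothing is suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(VULN_PATH):   # only the endpoint this CVE concerns
        return None
    hits = suspicious_params(parts.query)
    if not hits:
        return None
    return {"ip": m.group("ip"), "method": m.group("method"), "status": m.group("status"),
            # KeyValue is the parameter the CVE names; other parameters still get a look
            "severity": "high" if VULN_PARAM in hits else "medium", "params": hits}

def scan_log(lines):
    return [f for f in (scan_line(line) for line in lines) if f]

# Constructed sample lines (not real traffic): one benign request, two that should
# alert, and one injection-looking request to an unrelated page that is ignored.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Sep/2021:12:00:01 +0000] "GET /coreframe/app/order/admin/index.php?KeyValue=1023 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Sep/2021:12:00:07 +0000] "GET /coreframe/app/order/admin/index.php?KeyValue=1%27%20UNION%20SELECT%201 HTTP/1.1" 200 8192',
    '10.0.0.9 - - [10/Sep/2021:12:00:09 +0000] "GET /coreframe/app/order/admin/index.php?KeyValue=5&sort=id%20--%20 HTTP/1.1" 200 600',
    '10.0.0.9 - - [10/Sep/2021:12:00:12 +0000] "GET /index.php?q=%27%20UNION HTTP/1.1" 404 150',
]
```

Access logs do not record POST bodies, so for the POST requests listed under Network Indicators, feed the decoded body from a WAF or application log into suspicious_params instead.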

🔗 References
