CVE-2021-42185

9.8 CRITICAL

📋 TL;DR

CVE-2021-42185 is a critical SQL injection vulnerability in wdja CMS v2.1 that allows attackers to execute arbitrary SQL commands through the foreground search function. This affects all systems running wdja v2.1, potentially leading to complete database compromise. Attackers can exploit this without authentication to steal, modify, or delete sensitive data.

💻 Affected Systems

Products:
  • wdja CMS
Versions: v2.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects wdja v2.1; earlier or later versions may not be vulnerable. The vulnerability exists in the default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database takeover allowing data theft, modification, or deletion; potential remote code execution if database permissions allow; full system compromise.

🟠 Likely Case: Database information disclosure including user credentials, sensitive content, and configuration data; potential privilege escalation.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries; database access restricted to read-only operations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection in search function requires minimal technical skill to exploit. Public proof-of-concept available in GitHub references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Upgrade to a newer version of wdja if available, or apply manual fixes to sanitize search input.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for search functionality

Modify search.php to use prepared statements with parameter binding
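
The difference between a concatenated search query and a bound one, as an added example that is not wdja's own code. The `articles` table, its columns and the function names are hypothetical, and the data is constructed; it runs on an in-memory SQLite database through PDO (needs the pdo_sqlite extension), and the same prepare/execute calls apply to other PDO drivers.

```php
<?php
// Added example: constructed schema and rows, not wdja's real tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)");
$pdo->exec("INSERT INTO articles (title, hidden) VALUES
            ('Release notes', 0), ('100% cotton', 0), ('Internal draft', 1)");

// Vulnerable pattern: the search term becomes part of the SQL text, so a
// quote in the input closes the string literal and rewrites the WHERE clause.
function search_concat(PDO $pdo, string $term): array {
    $sql = "SELECT title FROM articles WHERE title LIKE '%" . $term . "%' AND hidden = 0";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the SQL text is fixed and the term is bound as data.
// LIKE wildcards in the term are escaped so '%' and '_' only match literally.
function search_bound(PDO $pdo, string $term): array {
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE '!' AND hidden = 0"
    );
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal term, the test string quoted in the
// "How to Verify" section, and a bare LIKE wildcard.
$inputs = ['notes', "' OR '1'='1", '%'];
foreach ($inputs as $term) {
    printf(
        "term=%-14s concat=[%s] bound=[%s]\n",
        $term,
        implode(', ', search_concat($pdo, $term)),
        implode(', ', search_bound($pdo, $term))
    );
}
```

With the quoted test string, the concatenated query returns every row, including the one marked hidden, while the bound query treats the same input as a literal title fragment and returns nothing.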

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns

Add WAF rule: deny requests containing SQL keywords like UNION, SELECT, INSERT in search parameters

🧯 If You Can't Patch

  • Disable the vulnerable search functionality entirely
  • Implement network segmentation to isolate the wdja instance from sensitive databases

🔍 How to Verify

Check if Vulnerable:

Test search function with SQL injection payloads like ' OR '1'='1 in search parameters

Check Version:

Check wdja version in admin panel or configuration files

Verify Fix Applied:

Verify that SQL injection payloads no longer execute and that the search returns error messages or sanitized results instead

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts following search requests
  • Search parameters containing SQL keywords

Network Indicators:

  • HTTP requests with SQL injection patterns in search parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND (search_param="*UNION*" OR search_param="*SELECT*" OR search_param="*INSERT*")
