CVE-2021-44097
📋 TL;DR
CVE-2021-44097 is a critical SQL injection vulnerability in EGavilan Media's Contact-Form-With-Messages-Entry-Management plugin version 1.0. Attackers can exploit this via the Addmessage.php endpoint to execute arbitrary SQL commands, potentially compromising the entire application database. Organizations using this specific plugin version are affected.
💻 Affected Systems
- EGavilan Media Contact-Form-With-Messages-Entry-Management
📦 What is this software?
Contact Form With Messages Entry Management by Contact Form With Messages Entry Management Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data manipulation, or deletion; potential privilege escalation to execute operating system commands if database permissions allow.
Likely Case
Data exfiltration from the contact form database, injection of malicious content, or denial of service by corrupting database tables.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection; database remains secure.
🎯 Exploit Status
Exploitation requires no authentication and is straightforward due to direct SQL injection in Addmessage.php.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: N/A
Restart Required: No
Instructions:
No official patch exists; remove or replace the vulnerable plugin version.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation and use parameterized (prepared) queries in Addmessage.php so that user-supplied values are never concatenated into SQL statements.
Web Application Firewall (WAF)
Deploy a WAF with SQL injection rules to block malicious requests targeting Addmessage.php; treat this as a stopgap only, since WAF rules can be evaded and do not remove the underlying flaw.
🧯 If You Can't Patch
- Disable or remove the Contact-Form-With-Messages-Entry-Management plugin version 1.0 immediately.
- Restrict network access to the application using firewalls or network segmentation to limit exposure.
🔍 How to Verify
Check if Vulnerable:
Check if the plugin version is 1.0 by reviewing the plugin files or configuration; test Addmessage.php with SQL injection payloads in a controlled environment.
Check Version:
N/A
Verify Fix Applied:
Verify the plugin is removed or replaced; test Addmessage.php with SQL injection payloads to confirm no database interaction occurs.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs from Addmessage.php requests
- HTTP requests to Addmessage.php with SQL keywords (e.g., UNION, SELECT, DROP)
Network Indicators:
- HTTP POST requests to Addmessage.php with suspicious parameters containing SQL syntax
SIEM Query:
source="web_logs" AND uri="/Addmessage.php" AND (param="*UNION*" OR param="*SELECT*" OR param="*DROP*")
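The log indicators and SIEM query above can be turned into a scripted triage pass over request records. The following Python is an added example, not part of this advisory or of the plugin; it assumes requests have already been parsed into a method/uri/params shape (constructed sample data inline) and tightens the SIEM query's bare keyword matching to SQL-syntax patterns, so a benign contact message containing the word "select" is not flagged.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample requests (not real traffic); assumed shape: method, uri, form params.
SAMPLE_REQUESTS = [
    {"method": "POST", "uri": "/Addmessage.php",
     "params": {"name": "Ann", "message": "Please select a time to call me"}},
    {"method": "POST", "uri": "/Addmessage.php",
     "params": {"name": "x' UNION SELECT 1,2,3-- ", "message": "hi"}},
    {"method": "POST", "uri": "/Addmessage.php",
     "params": {"name": "Bob", "email": "b%27+OR+%271%27%3D%271"}},
    {"method": "GET", "uri": "/index.php", "params": {"q": "drop table"}},
]

# Match SQL syntax rather than bare keywords: the SIEM query's "*SELECT*" would also
# flag ordinary English in a contact message. Each entry is (label, regex).
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bUNION\b\s+(ALL\s+)?SELECT\b", re.I)),
    ("quoted-boolean", re.compile(r"['\"]\s*(OR|AND)\s+['\"]?\w+['\"]?\s*=", re.I)),
    ("quote-comment", re.compile(r"['\"]\s*(--|/\*)")),
    ("ddl", re.compile(r"\b(DROP|ALTER|TRUNCATE)\s+TABLE\b", re.I)),
    ("stacked-query", re.compile(r";\s*(SELECT|INSERT|UPDATE|DELETE)\b", re.I)),
]

def decode(value, rounds=2):
    """URL-decode up to `rounds` times so percent-encoded values are inspected in the clear."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_sqli_indicators(record):
    """Return [(param, label)] hits for a request to Addmessage.php, [] for anything else."""
    if not record["uri"].lower().endswith("/addmessage.php"):
        return []
    hits = []
    for name, raw in record["params"].items():
        value = decode(raw)
        for label, pattern in SQLI_PATTERNS:
            if pattern.search(value):
                hits.append((name, label))
                break  # one label per parameter is enough for triage
    return hits

def flagged_indices(records):
    """Indices of records carrying at least one indicator, ready to raise as alerts."""
    return [i for i, record in enumerate(records) if find_sqli_indicators(record)]
```

Standard access logs do not record POST bodies, so the params field has to come from a WAF, reverse proxy or application log that captures form data.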
🔗 References
- https://github.com/EGavilan-Media/Contact-Form-With-Messages-Entry-Management/issues/1
- https://medium.com/%40shubhamvpandey/cve-2021-44097-d51c11258571