CVE-2021-44348

9.8 CRITICAL

📋 TL;DR

This CVE describes a SQL injection vulnerability in TuziCMS v2.0.6 that allows attackers to execute arbitrary SQL commands via the 'id' parameter in the AdvertController. This affects all TuziCMS v2.0.6 installations and could lead to complete database compromise.

💻 Affected Systems

Products:
  • TuziCMS
Versions: v2.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of TuziCMS v2.0.6 are vulnerable by default. The vulnerability exists in the core application code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠 Likely Case

Database information disclosure, data manipulation, and potential authentication bypass.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Internal applications could still be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited, and tools such as sqlmap can automate exploitation. The linked GitHub issue contains a proof of concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.0.7 or later

Vendor Advisory: https://github.com/yeyinshi/tuzicms/issues/9

Restart Required: No

Instructions:

1. Back up your current installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched versions.
4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation to sanitize the 'id' parameter before processing.

Modify App\Manage\Controller\AdvertController.class.php to validate/sanitize the id parameter.

WAF Rule (applies to: all)

Implement Web Application Firewall rules to block SQL injection patterns.

Add a WAF rule that denies requests containing SQL keywords in the id parameter.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the affected controller
  • Restrict access to the vulnerable endpoint using network controls or authentication
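The following is an added illustration, not TuziCMS code: the application is written in PHP, but the defect class and the two controls named in the workarounds and in the list above (a strict allow-list on the id parameter, and a parameterized query) are shown here in Python with an in-memory SQLite table so the difference can be run offline. The table, its rows, and the function names are constructed for this example; the test input is the one quoted in the "How to Verify" section.

```python
"""Vulnerable pattern beside its hardened form (added example, not TuziCMS code)."""
import re
import sqlite3

# Allow-list for the id parameter: an unsigned decimal integer and nothing else.
ID_PATTERN = re.compile(r"[0-9]{1,10}")


def make_demo_db():
    """Constructed sample data standing in for the CMS advert table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE advert (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO advert VALUES (?, ?)",
        [(1, "Spring sale"), (2, "Summer sale"), (3, "Autumn sale")],
    )
    return db


def vulnerable_lookup(db, raw_id):
    """The defect class the advisory describes: untrusted input spliced into SQL text.

    Any quote in raw_id ends the string literal, so the rest of the input becomes SQL.
    """
    query = f"SELECT id, title FROM advert WHERE id = '{raw_id}'"
    return db.execute(query).fetchall()


def parameterized_lookup(db, raw_id):
    """Bound parameter: the input is passed as data, never parsed as SQL."""
    return db.execute(
        "SELECT id, title FROM advert WHERE id = ?", (raw_id,)
    ).fetchall()


def is_valid_id(raw_id):
    """Input validation filter: accept only a string of digits."""
    return isinstance(raw_id, str) and ID_PATTERN.fullmatch(raw_id) is not None


def safe_lookup(db, raw_id):
    """Validation plus parameterization.

    Returns None when the input is rejected (a controller would answer HTTP 400);
    otherwise binds the integer in a parameterized query.
    """
    if not is_valid_id(raw_id):
        return None
    return parameterized_lookup(db, int(raw_id))


if __name__ == "__main__":
    db = make_demo_db()
    payload = "1' OR '1'='1"  # the test input quoted in the advisory
    print("vulnerable:             ", vulnerable_lookup(db, payload))   # all rows
    print("parameterized:          ", parameterized_lookup(db, payload))  # no rows
    print("validated+parameterized:", safe_lookup(db, payload))          # None
    print("normal request:         ", safe_lookup(db, "2"))
```

Running it shows the string-spliced query returning every row for the quoted input, the bound query returning nothing because the whole input is compared as one value, and the validated path rejecting the input before any query runs. The validation filter alone is the temporary workaround; the bound parameter is the actual fix, and keeping both means a future regression in one does not reopen the hole.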

🔍 How to Verify

Check if Vulnerable:

Test the AdvertController endpoint with SQL injection payloads in the id parameter (e.g., id=1' OR '1'='1)

Check Version:

Check TuziCMS version in configuration files or admin panel

Verify Fix Applied:

Test the same endpoint with the same SQL injection payloads after patching; the application should reject the input or return an error, with no data leakage.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts following SQL errors
  • Requests with SQL keywords in id parameter

Network Indicators:

  • HTTP requests containing SQL injection patterns in parameters
  • Unusual database query patterns from application server

SIEM Query:

source="web_logs" AND (uri_query="*id=*'*" OR uri_query="*id=*%27*")
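The SIEM query above flags any query string in which an id= parameter is followed somewhere by a quote or its %27 encoding. As an added example (not from the advisory or the TuziCMS project), the Python below applies the same log indicators, a quote or an SQL keyword in the id parameter, but parses the query string per parameter and percent-decodes the value first, so that a quote in some other parameter, or an encoded quote, is handled correctly. The log lines, the /advert path and the IP addresses are constructed for the example; the real endpoint path depends on the installation.

```python
"""Parameter-aware scan of web server access logs for the advisory's indicators
(added example, not from the advisory or the project)."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (combined-log style). The /advert path is a placeholder.
SAMPLE_LOG = [
    '198.51.100.5 - - [12/Jan/2022:10:15:01 +0000] "GET /advert?id=12 HTTP/1.1" 200 5120',
    '198.51.100.5 - - [12/Jan/2022:10:15:03 +0000] "GET /advert?page=2 HTTP/1.1" 200 4711',
    '203.0.113.7 - - [12/Jan/2022:10:16:10 +0000] '
    '"GET /advert?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9800',
    '203.0.113.7 - - [12/Jan/2022:10:16:12 +0000] "GET /advert?id=abc HTTP/1.1" 500 512',
    # Quote in a different parameter: the wildcard SIEM pattern would match this line,
    # a per-parameter check does not.
    '198.51.100.9 - - [12/Jan/2022:10:17:00 +0000] "GET /advert?id=7&q=O%27Brien HTTP/1.1" 200 5100',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The "SQL keywords in id parameter" indicator from the advisory's log indicators.
SQL_KEYWORDS = re.compile(
    r"\b(select|union|insert|update|delete|drop|or|and|sleep|benchmark)\b", re.IGNORECASE
)


def id_param_values(path):
    """Return every decoded value of the id parameter in a request path."""
    query = urlsplit(path).query
    return parse_qs(query, keep_blank_values=True).get("id", [])


def classify_id_value(value):
    """Reasons to flag one decoded id value; empty list means benign."""
    reasons = []
    if "'" in value:                      # covers both ' and %27 once decoded
        reasons.append("single-quote")
    if SQL_KEYWORDS.search(value):
        reasons.append("sql-keyword")
    if not reasons and not value.isdigit():  # id is expected to be numeric
        reasons.append("non-numeric")
    return reasons


def scan_log(lines):
    """Return one hit per suspicious id value, with the source IP and the reasons."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        for value in id_param_values(match.group("path")):
            reasons = classify_id_value(value)
            if reasons:
                hits.append({
                    "ip": match.group("ip"),
                    "timestamp": match.group("ts"),
                    "status": match.group("status"),
                    "id": value,
                    "reasons": reasons,
                })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Two practical points the query-string parsing makes visible: percent-encoded quotes decode to the same value as literal ones, so a single check covers both, and a quote that belongs to another parameter (the O'Brien line) is no longer a false positive. Correlating the hits with the 5xx responses and with the "unusual SQL errors" indicator in the application log gives a stronger signal than the request alone.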
