CVE-2021-44350 – This SQL injection vulnerability in ThinkPHP5 a... (How to Fix)

Q: How do I fix CVE-2021-44350?

1. Update ThinkPHP5 framework to version 5.1.23 or later. 2. Replace the framework directory with patched version. 3. Clear any cached files. 4. Test application functionality.

Q: What is the severity of CVE-2021-44350?

CVE-2021-44350 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in ThinkPHP5 allows attackers to execute arbitrary SQL commands through the parseOrder function. It affects all ThinkPHP5 applications using versions 5.0.x through 5.1.22. Attackers can potentially read, modify, or delete database contents.

📋 TL;DR

This SQL injection vulnerability in ThinkPHP5 allows attackers to execute arbitrary SQL commands through the parseOrder function. It affects all ThinkPHP5 applications using versions 5.0.x through 5.1.22. Attackers can potentially read, modify, or delete database contents.

💻 Affected Systems

Products:

ThinkPHP5

Versions: 5.0.x <= 5.1.22

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All applications using affected ThinkPHP5 framework versions are vulnerable if they use order functionality.

📦 What is this software?

Thinkphp by Thinkphp

View all CVEs affecting Thinkphp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via subsequent attacks.

🟠

Likely Case

Unauthorized data access, data manipulation, or privilege escalation within the database.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage scope.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection via order parameter requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.23

Vendor Advisory: https://github.com/top-think/framework/issues/2613

Restart Required: No

Instructions:

1. Update ThinkPHP5 framework to version 5.1.23 or later. 2. Replace the framework directory with patched version. 3. Clear any cached files. 4. Test application functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for order parameters before passing to parseOrder function.

Database Permission Reduction

all

Restrict database user permissions to minimum required operations.

🧯 If You Can't Patch

Implement web application firewall (WAF) with SQL injection rules
Disable or restrict order functionality in affected endpoints

🔍 How to Verify

Check if Vulnerable:

Check ThinkPHP5 framework version in vendor/topthink/framework directory or composer.json.

Check Version:

cat vendor/topthink/framework/src/think/App.php | grep 'const VERSION'

Verify Fix Applied:

Confirm framework version is 5.1.23 or higher and test order functionality with malicious inputs.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed order parameter attempts
SQL syntax errors in application logs

Network Indicators:

HTTP requests with unusual order parameters containing SQL keywords

SIEM Query:

source="web_logs" AND (order* OR ORDER*) AND (SELECT OR UNION OR INSERT OR DELETE)

📊 Metadata

CVE ID: CVE-2021-44350

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: December 15, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/top-think/framework/issues/2613 Exploit,Issue Tracking,Third Party Advisory
https://github.com/top-think/framework/issues/2613 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-44350, you might also want to check these: