CVE-2021-45334 – CVE-2021-45334 is a critical SQL injection vuln... (How to Fix)

Q: What is the severity of CVE-2021-45334?

CVE-2021-45334 has a CVSS score of 9.8 (CRITICAL). CVE-2021-45334 is a critical SQL injection vulnerability in Sourcecodester Online Thesis Archiving System 1.0 that allows unauthenticated attackers to bypass admin authentication and gain administrative access. This affects all deployments of version 1.0 of this specific software. Attackers can compromise the entire system through this authentication bypass.

📋 TL;DR

CVE-2021-45334 is a critical SQL injection vulnerability in Sourcecodester Online Thesis Archiving System 1.0 that allows unauthenticated attackers to bypass admin authentication and gain administrative access. This affects all deployments of version 1.0 of this specific software. Attackers can compromise the entire system through this authentication bypass.

💻 Affected Systems

Products:

Sourcecodester Online Thesis Archiving System

Versions: 1.0

Operating Systems: Any OS running PHP/MySQL web server

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of version 1.0 are vulnerable. The system uses PHP with MySQL database backend.

📦 What is this software?

Online Thesis Archiving System by Online Thesis Archiving System Project

View all CVEs affecting Online Thesis Archiving System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise: attackers gain admin access, can steal all thesis data, modify/delete content, execute arbitrary SQL commands, and potentially achieve remote code execution.

🟠

Likely Case

Administrative account takeover leading to data theft, system manipulation, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - The system is typically internet-facing for thesis submission/access, making it directly accessible to attackers.

🏢 Internal Only: MEDIUM - If only internally accessible, risk is reduced but still significant for authenticated users or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Multiple public exploit scripts available. Attack requires no authentication and uses simple SQL injection payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - No official patch released by vendor

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check vendor website for updates 2. If no patch available, implement workarounds 3. Consider migrating to alternative software

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries in login/auth functions

Modify PHP files to use prepared statements: $stmt = $conn->prepare('SELECT * FROM users WHERE username = ? AND password = ?'); $stmt->bind_param('ss', $username, $password);

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection rules to block malicious payloads

Install and configure ModSecurity with OWASP CRS rules
Enable SQL injection detection rules in cloud WAF services

🧯 If You Can't Patch

Isolate the system behind a reverse proxy with strict input filtering
Implement network segmentation to limit lateral movement if compromised

🔍 How to Verify

Check if Vulnerable:

Test login page with SQL injection payloads like: admin' OR '1'='1

Check Version:

Check system version in admin panel or review source code for version markers

Verify Fix Applied:

Attempt SQL injection attacks against authentication endpoints; successful login should be blocked

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts with SQL keywords
Successful admin login from unusual IP addresses
SQL error messages in application logs

Network Indicators:

HTTP POST requests to login.php containing SQL keywords
Unusual database query patterns from web server

SIEM Query:

source="web_logs" AND (uri="/login.php" OR uri="/admin/login.php") AND (body="OR '1'='1" OR body="UNION SELECT" OR body="--" OR body="#")

📊 Metadata

CVE ID: CVE-2021-45334

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: January 10, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-45334 Exploit,Third Party Advisory
https://packetstormsecurity.com/files/165272/Online-Thesis-Archiving-System-1.0-SQL-Injection-Cross-Site-Scripting.html Exploit,Third Party Advisory,VDB Entry
https://www.exploit-db.com/exploits/50597 Exploit,Third Party Advisory,VDB Entry
https://www.nu11secur1ty.com/2022/01/cve-2021-45334.html Exploit,Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-45334 Exploit,Third Party Advisory
https://packetstormsecurity.com/files/165272/Online-Thesis-Archiving-System-1.0-SQL-Injection-Cross-Site-Scripting.html Exploit,Third Party Advisory,VDB Entry
https://www.exploit-db.com/exploits/50597 Exploit,Third Party Advisory,VDB Entry
https://www.nu11secur1ty.com/2022/01/cve-2021-45334.html Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-45334, you might also want to check these: