CVE-2021-45791

8.8 HIGH

📋 TL;DR

Slims8 Akasia 8.3.1 contains SQL injection vulnerabilities in multiple admin modules through the dir parameter. This allows authenticated librarian users to execute arbitrary SQL commands on the database. The vulnerability affects systems running the vulnerable version of this library management software.

💻 Affected Systems

Products:
  • Slims8 Akasia
Versions: 8.3.1
Operating Systems: Any OS running PHP web applications
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated librarian access. Affects specific admin modules: bibliography, membership, and system management.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, privilege escalation to admin, and potential remote code execution if database functions allow it.

🟠

Likely Case

Unauthorized data access and modification of library records, member information, and system settings by authenticated malicious librarians.

🟢

If Mitigated

Limited impact due to proper input validation, parameterized queries, and restricted database permissions.

🌐 Internet-Facing: HIGH if the application is exposed to the internet, as authenticated users can exploit remotely.
🏢 Internal Only: HIGH as authenticated internal users (librarians) can exploit the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated librarian credentials. SQL injection through dir parameter is straightforward for attackers with basic SQL knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.2 or later

Vendor Advisory: https://github.com/slims/slims8_akasia/issues/200

Restart Required: No

Instructions:

1. Back up your database and application files.
2. Download and install Slims8 Akasia 8.3.2 or later from the official repository.
3. Replace affected files with patched versions.
4. Test functionality of admin modules.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to reject malicious dir parameter values

Modify affected PHP files to validate dir parameter accepts only alphanumeric characters

Database Permission Restriction

all

Limit database user permissions to minimum required

REVOKE ALL PRIVILEGES ON database.* FROM 'app_user'@'localhost';
GRANT SELECT, INSERT, UPDATE ON specific_tables TO 'app_user'@'localhost';

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SQL injection patterns in dir parameter
  • Restrict access to affected admin modules to only trusted librarian accounts with additional authentication

🔍 How to Verify

Check if Vulnerable:

Check if running Slims8 Akasia 8.3.1 and test dir parameter in affected endpoints with SQL injection payloads

Check Version:

Check README or version file in Slims8 installation directory

Verify Fix Applied:

Verify version is 8.3.2 or later and test that SQL injection attempts in dir parameter are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by admin module access
  • dir parameter containing SQL keywords in web server logs

Network Indicators:

  • POST/GET requests to affected endpoints with suspicious dir parameter values

SIEM Query:

source="web_logs" AND (uri="/admin/modules/bibliography/index.php" OR uri="/admin/modules/membership/member_type.php" OR uri="/admin/modules/system/user_group.php" OR uri="/admin/modules/membership/index.php") AND param="dir" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--")
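The same detection logic as a stand-alone script, added here as an example (not part of the advisory or of the SLiMS project): it scans web-server access-log lines for requests to the four affected endpoints and flags any dir value that contains the SIEM query's SQL markers or that fails the workaround's alphanumeric rule. The log line format and the sample lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoints listed as affected in the SIEM query above.
AFFECTED_PATHS = {
    "/admin/modules/bibliography/index.php",
    "/admin/modules/membership/index.php",
    "/admin/modules/membership/member_type.php",
    "/admin/modules/system/user_group.php",
}
# Same markers as the SIEM query; compared case-insensitively after URL decoding.
SQL_MARKERS = ("UNION", "SELECT", "--")
# The workaround's rule: a legitimate dir value is purely alphanumeric.
SAFE_DIR = re.compile(r"^[A-Za-z0-9]+$")

# Minimal parser for a combined-log-style line (constructed format, assumed for this example).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def inspect_line(line):
    """Return a finding dict for a suspicious request to an affected endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path not in AFFECTED_PATHS:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("dir", []):
        value = unquote_plus(raw)  # parse_qs decoded once; decode again to catch double-encoding
        upper = value.upper()
        keyword_hit = any(k in upper for k in SQL_MARKERS)
        if keyword_hit or not SAFE_DIR.match(value):
            return {"ip": m.group("ip"), "path": parts.path, "dir": value,
                    "reason": "sql-keyword" if keyword_hit else "non-alphanumeric"}
    return None

def scan(lines):
    """Run inspect_line over every line and keep the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines: two benign sort requests, two suspicious ones, one unrelated path.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2022:10:00:01 +0000] "GET /admin/modules/bibliography/index.php?dir=ASC HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2022:10:00:02 +0000] "GET /admin/modules/membership/index.php?dir=DESC HTTP/1.1" 200 4100',
    '10.0.0.9 - - [01/Jan/2022:10:01:10 +0000] "GET /admin/modules/system/user_group.php?dir=ASC%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 4990',
    '10.0.0.9 - - [01/Jan/2022:10:01:11 +0000] "GET /admin/modules/membership/member_type.php?dir=ASC%27 HTTP/1.1" 500 310',
    '10.0.0.9 - - [01/Jan/2022:10:01:12 +0000] "GET /index.php?dir=UNION HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```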
