CVE-2021-45794

7.5 HIGH

📋 TL;DR

CVE-2021-45794 is an SQL injection vulnerability in Slims9 Bulian's backup.php module that allows attackers to execute arbitrary SQL commands. This can lead to unauthorized access to sensitive user data stored in the database. All systems running the vulnerable version with the backup module accessible are affected.

💻 Affected Systems

Products:
  • Slims9 Bulian
Versions: 9.4.2 and potentially earlier versions
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the /admin/modules/system/backup.php endpoint, typically requiring admin authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including extraction of all user credentials, personal data, and potential system takeover through privilege escalation.

🟠 Likely Case: Unauthorized access to user data including usernames, emails, and potentially hashed passwords from the database.

🟢 If Mitigated: Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface and SQL injection can be exploited remotely.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to gain unauthorized database access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited and tools exist for automated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest patched version

Vendor Advisory: https://github.com/slims/slims9_bulian/issues/124

Restart Required: No

Instructions:

1. Update to the latest Slims9 Bulian version.
2. Apply security patches from the GitHub repository.
3. Validate that backup.php has proper input sanitization.

🔧 Temporary Workarounds

Restrict Access to Backup Module

Block access to the vulnerable backup.php endpoint using web server configuration

# Apache: RewriteRule ^admin/modules/system/backup\.php$ - [F]
# Nginx: location ~ ^/admin/modules/system/backup\.php$ { return 403; }

Implement WAF Rules

Add SQL injection detection rules to web application firewall

# ModSecurity: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in backup.php
  • Restrict database user permissions to minimum required for backup operations
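To make the "parameterized queries" mitigation concrete, the following is an added example and not code from Slims9 Bulian. It uses an in-memory SQLite table with constructed rows (the table, column and function names are assumptions, not the project's schema) and shows why a concatenated query yields every row for the payload mentioned later on this page while a bound parameter treats it as an ordinary, non-matching string. Because a backup script typically also builds a list of table names, which cannot be bound as parameters, it also includes an allow-list check for identifiers.

```python
import sqlite3

# Constructed sample rows for a throwaway in-memory database (not Slims9's schema).
SAMPLE_MEMBERS = [
    (1, "admin", "admin@example.invalid"),
    (2, "librarian", "lib@example.invalid"),
    (3, "patron", "patron@example.invalid"),
]

# Hypothetical allow-list of tables a backup routine may export.
ALLOWED_TABLES = {"member", "biblio", "loan"}


def make_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO member VALUES (?, ?, ?)", SAMPLE_MEMBERS)
    return conn


def lookup_vulnerable(conn, username):
    """Injectable form: the user-controlled value is spliced into the SQL text."""
    sql = "SELECT id, username, email FROM member WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the value is bound separately and cannot change query structure."""
    sql = "SELECT id, username, email FROM member WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def is_allowed_table(name, allowed=ALLOWED_TABLES):
    """Identifiers cannot be bound, so an exact allow-list match is the only safe check."""
    return name in allowed


def dump_table(conn, name):
    """Export one table's rows, refusing any identifier not on the allow-list."""
    if not is_allowed_table(name):
        raise ValueError("table not permitted for backup: %r" % name)
    # Safe only because the name was validated against a fixed set above.
    return conn.execute('SELECT * FROM "%s"' % name).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("concatenated:", lookup_vulnerable(db, payload))   # all three rows
    print("parameterized:", lookup_parameterized(db, payload))  # []
    print("dump member:", dump_table(db, "member"))
```

The tautology payload works against the concatenated form because the resulting SQL reads `WHERE username = '' OR '1'='1'`; in the parameterized form the whole string is compared as a literal username, which matches nothing. For identifiers such as table names, exact membership in a fixed set is the check to apply, not escaping.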

🔍 How to Verify

Check if Vulnerable:

Test the backup.php endpoint with SQL injection payloads like ' OR '1'='1 in parameters

Check Version:

Check Slims9 version in system configuration or admin panel

Verify Fix Applied:

Verify backup.php no longer accepts SQL injection payloads and uses parameterized queries

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by backup.php access
  • SQL syntax errors in web server logs

Network Indicators:

  • HTTP POST requests to backup.php with SQL keywords in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/admin/modules/system/backup.php" AND (query CONTAINS "UNION" OR query CONTAINS "SELECT" OR query CONTAINS "INSERT")
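As an added example (not part of the original page or of the Slims9 project), the script below applies the SIEM query's logic to web server access logs offline: it parses combined-format lines, restricts to the backup.php path, URL-decodes the query string so encoded payloads are not missed, and flags the page's three keywords plus an unbalanced single quote. The log lines are constructed samples, and the IP addresses are from documentation ranges.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:01:02 +0000] "POST /admin/modules/system/backup.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2022:10:01:09 +0000] "GET /admin/modules/system/backup.php?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2022:10:02:15 +0000] "GET /admin/modules/system/backup.php?id=7 HTTP/1.1" 200 410 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2022:10:03:00 +0000] "GET /index.php?search=select%20books HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2022:10:04:44 +0000] "GET /admin/modules/system/backup.php?id=1%20OR%20%271%27%3D%271 HTTP/1.1" 500 130 "-" "curl/7.81"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/admin/modules/system/backup.php"
# The same keywords the SIEM query above looks for, matched on whole words.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT)\b", re.IGNORECASE)


def parse_line(line):
    """Split one combined-format line into its fields; return None on malformed input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": parts.path,
        # Decode %27, %20, + and friends so encoded payloads are inspected in clear form.
        "query": unquote_plus(parts.query),
        "status": int(m.group("status")),
    }


def suspicious_reasons(entry):
    """Return the list of indicators found in a backup.php request (empty if none)."""
    reasons = []
    if entry["path"] != TARGET_PATH:
        return reasons
    q = entry["query"]
    kw = SQL_KEYWORDS.search(q)
    if kw:
        reasons.append("sql keyword " + kw.group(1).upper())
    # An odd number of single quotes means a quote was opened but never closed,
    # the classic signature of a tautology such as the one on this page.
    if q.count("'") % 2 == 1:
        reasons.append("unbalanced quote")
    return reasons


def scan_log(text):
    """Run the detection over every line and collect the flagged requests."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            hits.append({"ip": entry["ip"], "ts": entry["ts"],
                         "query": entry["query"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["reasons"], hit["query"])
```

Two caveats follow from the sample: the `search=select books` request to index.php is ignored because the path filter comes first, which keeps ordinary catalogue searches out of the alert queue, and the first POST to backup.php produces no hit because access logs do not record request bodies. Covering the "HTTP POST requests with SQL keywords in parameters" indicator therefore needs a WAF audit log (ModSecurity's, for instance) or database query logging rather than the access log alone.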
