CVE-2021-45802

9.8 CRITICAL

📋 TL;DR

CVE-2021-45802 is a critical SQL injection vulnerability in MartDevelopers iResturant 1.0 that allows attackers to execute arbitrary SQL commands through the email and phone parameters during membership registration. This affects all users running the vulnerable version of iResturant software, potentially compromising the entire database.

💻 Affected Systems

Products:
  • MartDevelopers iResturant
Versions: 1.0
Operating Systems: Any OS running the iResturant web application
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable by default as the SQL injection occurs in core registration functionality.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case

Unauthorized access to sensitive customer data, modification of restaurant operations data, and potential privilege escalation.

🟢 If Mitigated

Attack attempts are blocked at the application layer with no successful exploitation.

🌐 Internet-Facing: HIGH - The vulnerability is in a web application component that's typically internet-facing for restaurant management systems.
🏢 Internal Only: MEDIUM - Even if not internet-facing, internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code exists showing exploitation through membership registration endpoint. No authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative restaurant management software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

Applies to: all

Implement proper input validation and use parameterized queries/prepared statements for all database operations.

Modify the PHP registration code to use prepared statements (mysqli shown):

  $stmt = $conn->prepare('INSERT INTO users (email, phone) VALUES (?, ?)');
  $stmt->bind_param('ss', $email, $phone);
  $stmt->execute();

Web Application Firewall (WAF)

Applies to: all

Deploy a WAF with SQL injection protection rules to block exploitation attempts.

Configure WAF rules to block SQL injection patterns in the email and phone parameters of the registration endpoint.

🧯 If You Can't Patch

  • Implement network segmentation to isolate the iResturant system from sensitive networks
  • Deploy database monitoring to detect unusual SQL queries and access patterns

🔍 How to Verify

Check if Vulnerable:

Test the membership registration endpoint with SQL injection payloads in email or phone parameters (e.g., email=test' OR '1'='1). Monitor database logs for unusual queries.

Check Version:

Check the application version in the admin panel or review the source code for version markers.

Verify Fix Applied:

Attempt SQL injection tests after implementing parameterized queries. Verify no database errors or unexpected behavior occurs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed registration attempts with special characters
  • Database error messages containing SQL syntax

Network Indicators:

  • HTTP POST requests to registration endpoint with SQL keywords in parameters
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (uri_path="/register" OR uri_path="/signup") AND (param_email CONTAINS "'" OR param_phone CONTAINS "'")
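As an added example (not part of this page or the vendor's code), the following Python scan applies the SIEM logic above to constructed web log lines and adds an allowlist check on the two affected parameters; the log format and the endpoint paths /register and /signup are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines, not taken from the page: "METHOD PATH FORM_BODY"
SAMPLE_LOGS = [
    "POST /register email=alice%40example.com&phone=5551234567",
    "POST /register email=test%27+OR+%271%27%3D%271&phone=5551234567",
    "POST /signup email=bob%40example.com&phone=1%27%3B+DROP+TABLE+users--",
    "GET /index.php",
    "POST /register email=carol%40example.com&phone=555-0100",
]

REGISTRATION_PATHS = {"/register", "/signup"}  # assumed endpoint paths
# Quote characters and common SQL tokens, mirroring the SIEM query above
SQL_TOKENS = re.compile(r"'|\"|--|;|\b(or|union|select|drop|sleep)\b", re.IGNORECASE)
# Allowlist shapes for the two affected parameters (assumed formats)
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?[0-9 ()-]{7,20}$")


def parse_line(line):
    """Split a log line into (method, path, decoded form parameters)."""
    parts = line.split(" ", 2)
    method, path = parts[0], parts[1]
    body = parts[2] if len(parts) > 2 else ""
    params = {k: v[0] for k, v in parse_qs(body).items()}
    return method, path, params


def suspicious_reason(line):
    """Return why a registration request looks like an injection attempt, else None."""
    method, path, params = parse_line(line)
    if method != "POST" or path not in REGISTRATION_PATHS:
        return None
    for name, allow in (("email", EMAIL_RE), ("phone", PHONE_RE)):
        value = params.get(name, "")
        if SQL_TOKENS.search(value):
            return f"SQL token in {name}: {value!r}"
        if value and not allow.match(value):
            return f"{name} fails allowlist: {value!r}"
    return None


def scan_logs(lines):
    """Return [(line_index, reason)] for every flagged request."""
    return [(i, r) for i, line in enumerate(lines) if (r := suspicious_reason(line))]


if __name__ == "__main__":
    for index, reason in scan_logs(SAMPLE_LOGS):
        print(f"line {index}: {reason}")
```

The quote-character rule will also flag the rare legitimate address that contains a quote, so treat hits as triage candidates and confirm against the database query log.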
