CVE-2021-46061
📋 TL;DR
This CVE describes a critical SQL injection vulnerability in the Computer and Mobile Repair Shop Management System (RSMS) 1.0. Attackers can exploit the 'code' parameter in the /rsms/ node application to execute arbitrary SQL commands, potentially compromising the entire database. Organizations using RSMS 1.0 are affected.
💻 Affected Systems
- Sourcecodester Computer and Mobile Repair Shop Management System (RSMS)
📦 What is this software?
Computer And Mobile Repair Shop Management System by Computer And Mobile Repair Shop Management System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution on the underlying server.
Likely Case
Unauthorized access to sensitive customer and repair data, including personal information, financial records, and business operations data.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database permissions restricting the application account.
🎯 Exploit Status
Public proof-of-concept code is available in GitHub repositories. The exploit requires minimal technical skill due to the straightforward SQL injection vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Check the vendor website for an updated version.
2. If no patch is available, implement the workarounds below.
3. Consider replacing the software with an alternative.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side validation and sanitization of the 'code' parameter to prevent SQL injection.
Modify the PHP code handling the 'code' parameter to use prepared statements with parameterized queries.
Web Application Firewall (WAF)
Deploy a WAF with SQL injection protection rules to block malicious requests.
Configure WAF rules to detect and block SQL injection patterns in the 'code' parameter.
🧯 If You Can't Patch
- Isolate the RSMS application in a segmented network zone with strict firewall rules limiting access.
- Implement database-level controls: restrict application database user permissions to minimum required operations.
🔍 How to Verify
Check if Vulnerable:
Test the /rsms/ endpoint with SQL injection payloads in the 'code' parameter (e.g., code=1' OR '1'='1). Monitor for database errors or unexpected responses.
Check Version:
Check the application's version file or configuration settings, typically found in the web root directory.
Verify Fix Applied:
After implementing fixes, retest with the same SQL injection payloads. Verify that inputs are properly sanitized and no database errors are returned.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL syntax errors in application logs
- Multiple failed login attempts or parameter manipulation in access logs
Network Indicators:
- HTTP requests to /rsms/ with SQL keywords in parameters (e.g., UNION, SELECT, OR)
SIEM Query:
source="web_logs" AND uri_path="/rsms/*" AND param="code" AND (value="*' OR*" OR value="*UNION*" OR value="*SELECT*")
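Added example, not code from the page or the RSMS project: the network indicator and SIEM query above expressed as a Python check over constructed access-log lines in common log format. The log layout, the sample IPs and the request targets are assumptions; the check decodes the 'code' parameter before matching so percent-encoded payloads are not missed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (not real RSMS traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:01:02 +0000] "GET /rsms/?page=view_item&code=1001 HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2022:10:01:09 +0000] "GET /rsms/?page=view_item&code=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192
203.0.113.9 - - [10/Jan/2022:10:01:15 +0000] "GET /rsms/?page=view_item&code=1%20UNION%20SELECT%201 HTTP/1.1" 500 134
198.51.100.2 - - [10/Jan/2022:10:02:00 +0000] "GET /other/?code=union%20station HTTP/1.1" 200 300
198.51.100.4 - - [10/Jan/2022:10:02:30 +0000] "POST /rsms/admin/ HTTP/1.1" 302 0
"""

# Common log format: client IP, identd, user, [timestamp], "METHOD target PROTOCOL", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Same indicators as the SIEM query: a quote followed by OR, or the UNION / SELECT keywords.
SQLI_RE = re.compile(r"(?:'\s*or\b|\bunion\b|\bselect\b)", re.IGNORECASE)


def suspicious_code_requests(log_text):
    """Return (client_ip, status, decoded_code_value) for every request under /rsms/
    whose 'code' query parameter matches the SQL injection indicators.
    parse_qs percent-decodes the value, so %27 / %20 encoded payloads are caught."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith("/rsms/"):
            continue  # only the vulnerable application path is in scope
        for value in parse_qs(parts.query).get("code", []):
            if SQLI_RE.search(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_code_requests(SAMPLE_ACCESS_LOG):
        print(f"{ip} status={status} code={value!r}")
```

A 500 status on a flagged request corresponds to the "unusual SQL syntax errors" log indicator and is worth correlating with the application's own error log.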