CVE-2021-47711
📋 TL;DR
This SQL injection vulnerability in Kentico Xperience allows authenticated editors to execute arbitrary SQL queries through online marketing macro parameters. Attackers can access, modify, or delete database content by exploiting insufficient input validation. Organizations using vulnerable Kentico Xperience versions with authenticated editor accounts are affected.
💻 Affected Systems
- Kentico Xperience
📦 What is this software?
Kentico Xperience is Kentico's ASP.NET content management and digital experience platform, backed by a Microsoft SQL Server database. Its online marketing module (contacts, contact groups, marketing automation) exposes macro methods that editors can call from macro expressions in the administration interface; this CVE concerns the parameters passed to those methods.
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Kentico database: theft or destruction of data, escalation to administrator accounts by tampering with user and role tables, and, where the application's SQL Server login is permitted to use command execution features such as xp_cmdshell, takeover of the database server itself.
Likely Case
Unauthorized data access and manipulation of marketing data, user information, and content management system data by authenticated malicious editors.
If Mitigated
Limited impact with proper input validation, parameterized queries, and least privilege access controls in place.
🎯 Exploit Status
Exploitation requires an authenticated editor account (no unauthenticated path is described). Beyond that barrier it is ordinary SQL injection: the attacker places SQL syntax in the parameters of the affected online marketing macro methods and the application concatenates it into a query.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Hotfixes available via Kentico DevNet
Vendor Advisory: https://devnet.kentico.com/download/hotfixes
Restart Required: Yes
Instructions:
1. Download the appropriate hotfix for your Kentico Xperience version from Kentico DevNet.
2. Back up the Kentico Xperience installation (web application files) and its database.
3. Apply the hotfix according to Kentico's hotfix installation instructions.
4. Restart the application and verify functionality, including the online marketing features that use macro methods.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement strict input validation for macro method parameters (type checks and allow-lists for expected values) so that values containing SQL syntax are rejected before they reach the database. This reduces exposure but does not remove the root cause; only the hotfix does.
Parameterized Queries
Where custom or project-level macro methods build SQL from their parameters, replace string concatenation with parameterized queries, so that parameter values are bound as data and never parsed as SQL. The vendor's own macro methods can only be corrected by applying the hotfix.
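The difference between the two workarounds above comes down to how the parameter reaches the query. The following is an added example, not Kentico code: a toy SQLite schema with hypothetical table and method names stands in for an online marketing lookup, first written with string concatenation (the bug class behind this CVE) and then with a bound parameter. The payloads are constructed to show the effect; they are not taken from any advisory.

```python
"""Added demonstration of concatenated vs. parameterized SQL in a macro-style lookup.
Toy SQLite schema and method names are hypothetical stand-ins, not Kentico's code."""
import sqlite3

# Hypothetical stand-ins for an online marketing contact table and the user table.
SCHEMA = """
CREATE TABLE OM_Contact (ContactID INTEGER PRIMARY KEY, ContactEmail TEXT, ContactScore INTEGER);
INSERT INTO OM_Contact VALUES (1, 'alice@example.com', 10);
INSERT INTO OM_Contact VALUES (2, 'bob@example.com', 20);
CREATE TABLE CMS_User (UserID INTEGER PRIMARY KEY, UserName TEXT, UserPasswordHash TEXT);
INSERT INTO CMS_User VALUES (1, 'administrator', 'hash-redacted');
"""

# Constructed payloads of the kind an editor could place in a macro method parameter.
UNION_PAYLOAD = "x' UNION SELECT UserName, UserPasswordHash FROM CMS_User -- "
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


def open_db():
    """In-memory database populated with the toy schema above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def contact_score_vulnerable(conn, email):
    """Hypothetical macro method: the editor-supplied value is spliced into the SQL text,
    so quotes, UNION and comment markers in it are parsed as SQL."""
    sql = ("SELECT ContactEmail, ContactScore FROM OM_Contact "
           "WHERE ContactEmail = '" + email + "'")
    return conn.execute(sql).fetchall()


def contact_score_fixed(conn, email):
    """Same lookup with a bound parameter: the value is compared as data only."""
    sql = "SELECT ContactEmail, ContactScore FROM OM_Contact WHERE ContactEmail = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Run both variants against both payloads and return the results for comparison."""
    conn = open_db()
    return {
        "vulnerable_union": contact_score_vulnerable(conn, UNION_PAYLOAD),      # leaks CMS_User row
        "fixed_union": contact_score_fixed(conn, UNION_PAYLOAD),                # no such email -> []
        "vulnerable_tautology": contact_score_vulnerable(conn, TAUTOLOGY_PAYLOAD),  # dumps every contact
        "fixed_tautology": contact_score_fixed(conn, TAUTOLOGY_PAYLOAD),        # []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated version returns the administrator row from an unrelated table for the UNION payload and every contact for the tautology; the parameterized version returns nothing for either, because the payload is matched literally against ContactEmail. The same distinction applies to SqlCommand parameters on SQL Server.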
🧯 If You Can't Patch
- Restrict editor access to only trusted personnel and implement strict access controls.
- Implement web application firewall (WAF) rules to block SQL injection patterns in requests to the administration interface's macro-related endpoints. Macro parameters are typically submitted in POST bodies rather than the URL, so the rules must inspect and URL-decode request bodies to be effective.
🔍 How to Verify
Check if Vulnerable:
Determine the installed Kentico Xperience version and hotfix level, and compare them against the hotfix listed for CVE-2021-47711 on Kentico DevNet. Only test macro parameters for SQL injection on a non-production copy of the site, never on the live database.
Check Version:
Check the System application in the Kentico administration interface for the product version and hotfix level, or read the CMSHotfixVersion key in the appSettings section of web.config.
Verify Fix Applied:
Confirm in the administration interface (or web.config) that the hotfix level is at or above the one that fixes this CVE, and, on a non-production copy, confirm that SQL syntax supplied in the affected macro parameters is treated as a literal value rather than executed.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed macro parameter validation attempts
- Suspicious editor account activity
Network Indicators:
- SQL error messages or HTTP 500 responses from macro-related administration pages, which often accompany failed injection attempts
- Unusual parameter patterns in POST requests to macro endpoints
SIEM Query:
source="web_server" AND url="*macro*" AND (param="*union*select*" OR param="*'*or*" OR param="*--*" OR param="*;*exec*" OR param="*xp_cmdshell*")
The param field must be URL-decoded before matching, and because macro parameters usually travel in POST bodies the log source has to capture request bodies. Avoid bare wildcards such as *sql* or *select*: they match ordinary content (e.g. "select.team@example.com") and generate noise.
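The indicators above can be checked offline against exported web server logs. The following is an added example, not part of the original advisory or of Kentico's tooling: it parses a constructed set of IIS-style W3C log lines (the request paths, user names and addresses are invented), percent-decodes the query field repeatedly so double-encoding does not hide a payload, applies word-bounded SQL injection patterns to requests against a macro endpoint, and reports editors with repeated hits.

```python
"""Added detection example: scan web server log lines for SQL injection attempts
against macro endpoints. Log lines, paths and account names are constructed."""
import re
from urllib.parse import unquote

# Constructed IIS-style W3C lines (not real traffic). Fields, space separated:
# date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
# The path /Admin/MacroEval.aspx is a hypothetical macro endpoint.
SAMPLE_LOG = """\
2024-05-01 10:00:01 POST /Admin/ContactGroups.aspx - editor1 10.0.0.5 200
2024-05-01 10:00:07 GET /Admin/MacroEval.aspx macro=GetContactScore(%22select.team%40example.com%22) editor1 10.0.0.5 200
2024-05-01 10:01:12 GET /Admin/MacroEval.aspx macro=GetContactScore(%22x%27%20UNION%20SELECT%20UserName%2CUserPasswordHash%20FROM%20CMS_User--%22) editor2 10.0.0.9 500
2024-05-01 10:01:15 GET /Admin/MacroEval.aspx macro=GetContactScore(%22x%27%20OR%201%3D1%3B%20EXEC%20xp_cmdshell%20%27whoami%27--%22) editor2 10.0.0.9 200
2024-05-01 10:02:00 GET /Resources/select-menu.js - - 10.0.0.7 200
"""

# Word-bounded patterns: these do not fire on "select" or "sql" inside ordinary values.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),   # UNION-based extraction
    re.compile(r"'\s*(or|and)\b", re.I),                  # quote followed by boolean operator
    re.compile(r"\b(or|and)\b\s+\d+\s*=\s*\d+", re.I),    # tautology such as OR 1=1
    re.compile(r";\s*(exec|execute|drop|xp_cmdshell)\b", re.I),  # stacked query / command execution
    re.compile(r"(--|/\*)"),                              # SQL comment markers
]
MACRO_PATH_MARKER = "macro"  # the page's indicator: requests to macro endpoints


def normalise(value, rounds=3):
    """Percent-decode until stable so %2527 (double-encoded quote) becomes a quote."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Split one W3C-style line into a record, or return None for malformed lines."""
    parts = line.split(" ", 7)
    if len(parts) != 8:
        return None
    date, time, method, stem, query, user, ip, status = parts
    return {"method": method, "stem": stem, "query": query,
            "user": user, "ip": ip, "status": status}


def scan(log_text):
    """Return one hit per macro-endpoint request whose decoded query matches a pattern."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or MACRO_PATH_MARKER not in rec["stem"].lower():
            continue
        decoded = normalise(rec["query"])
        rules = [p.pattern for p in SQLI_PATTERNS if p.search(decoded)]
        if rules:
            hits.append({"user": rec["user"], "ip": rec["ip"], "status": rec["status"],
                         "decoded": decoded, "rules": rules})
    return hits


def repeat_offenders(hits, threshold=2):
    """Accounts with repeated hits: the page's 'multiple attempts' indicator."""
    counts = {}
    for hit in hits:
        counts[hit["user"]] = counts.get(hit["user"], 0) + 1
    return sorted(user for user, count in counts.items() if count >= threshold)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(hit["user"], hit["ip"], hit["status"], hit["decoded"])
    print("repeat offenders:", repeat_offenders(found))
```

Two of the five constructed lines are flagged, both from editor2; the benign macro call containing the word "select" and the unrelated select-menu.js request are not. In a real deployment the query field would have to come from request-body logging, since macro parameters are normally POSTed, and the 500 status on the first hit is the "SQL error in HTTP response" indicator worth correlating with application error logs.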