CVE-2023-1153

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Pacsrapor allows attackers to execute arbitrary SQL commands against the backend database, which can escalate to operating-system command execution. It affects all Pacsrapor installations before version 1.22, putting organizations using this software at risk of data theft and system compromise.

💻 Affected Systems

Products:
  • Pacsrapor
Versions: All versions before 1.22
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configurations are vulnerable. The vulnerability exists in the application code itself.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through SQL injection leading to command execution, data exfiltration, and complete control of affected systems.

🟠

Likely Case

Database compromise leading to sensitive data exposure, data manipulation, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit with basic knowledge of SQL and web application testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.22

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-23-0163

Restart Required: Yes

Instructions:

1. Download Pacsrapor version 1.22 or later from official sources.
2. Back up the current installation and its data.
3. Stop the Pacsrapor service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.

🔧 Temporary Workarounds

Web Application Firewall (platforms: all)

Deploy a WAF with SQL injection protection rules to block malicious requests. This reduces exposure but does not remove the flaw; treat it as a stopgap until 1.22 is installed.

Database Permissions Restriction (platforms: all)

Limit the application's database user to the minimum permissions it needs, so that a successful injection cannot reach OS command execution. On a Microsoft SQL Server backend, xp_cmdshell is the usual route from SQL to a shell; revoke the application account's right to call it:

-- Run in the master database, where xp_cmdshell is defined. This removes the
-- application account's right to call it; sysadmin logins are not affected,
-- so the application must not connect with a sysadmin account.
REVOKE EXECUTE ON xp_cmdshell FROM [database_user];

🧯 If You Can't Patch

  • Isolate the Pacsrapor system from internet access and restrict internal network access
  • Implement strict input validation and parameterized queries at the application level

🔍 How to Verify

Check if Vulnerable:

Check the Pacsrapor version in the application interface or configuration files. If the version is below 1.22, the system is vulnerable.

Check Version:

Check application web interface or configuration files for version information

Verify Fix Applied:

Confirm that the version is 1.22 or higher and test that SQL injection attempts against the previously affected inputs are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs (for example UNION-joined statements or stored-procedure calls the application never issues)
  • Multiple failed login attempts whose submitted username or password fields contain SQL syntax
  • Application error logs showing SQL syntax or database errors, which indicate injected input reached the query

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.)
  • Unusual outbound database connections

SIEM Query:

source="web_server" AND ("SELECT" OR "UNION" OR "xp_cmdshell") AND status=200

This query is a generic starting point: bare keyword matches will also hit legitimate content, and URL-encoded payloads (for example %27 or %20) will not match unless the request field is decoded first, so tune it to the application's URL paths and decode parameters before matching.
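As an added example (not from the advisory or the vendor), the detection logic above run over constructed access-log lines in Python: it URL-decodes the request target and matches injection structure rather than bare keywords, so a benign search for "select committee minutes" is not flagged, and it rates hits that returned HTTP 200 higher than those that produced a SQL error. The log lines, IPs and paths are all constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Combined Log Format (not taken from a real Pacsrapor deployment).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2023:10:00:01 +0300] "GET /report?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Mar/2023:10:00:02 +0300] "GET /report?id=42%27%20UNION%20SELECT%201,2-- HTTP/1.1" 200 2048 "-" "curl/7.88"
10.0.0.9 - - [01/Mar/2023:10:00:03 +0300] "GET /report?id=1%3BEXEC%20xp_cmdshell%20%27whoami%27 HTTP/1.1" 500 77 "-" "curl/7.88"
10.0.0.7 - - [01/Mar/2023:10:00:04 +0300] "GET /search?q=select+committee+minutes HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Structural SQL-injection patterns rather than bare keywords: a lone "select" in a
# search box is normal text; "union select", a stacked "; exec" or xp_cmdshell is not.
SQLI_PATTERNS = [
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("stacked_exec", re.compile(r";\s*exec(ute)?\b", re.I)),
    ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I)),
    ("quote_comment", re.compile(r"'.*--")),  # quote followed by a SQL line comment
]


def scan_log(text):
    """Return a list of alerts as (ip, status, matched pattern names, severity)."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Decode once so %27 / %20 / '+' do not hide the payload from the matcher.
        target = unquote_plus(m.group("target"))
        hits = [name for name, rx in SQLI_PATTERNS if rx.search(target)]
        if not hits:
            continue
        status = int(m.group("status"))
        # 200 suggests the injected query ran and returned data; a 5xx usually means a
        # SQL error leaked back, which is still worth an alert at lower severity.
        severity = "high" if status == 200 else "medium"
        alerts.append((m.group("ip"), status, hits, severity))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```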
