high advisory

EgavilanMedia PHPCRUD 1.0 SQL Injection Vulnerability (CVE-2021-47956)

EgavilanMedia PHPCRUD 1.0 is vulnerable to SQL injection (CVE-2021-47956), allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter in a POST request to insert.php, potentially extracting sensitive database information.

EgavilanMedia PHPCRUD version 1.0 is susceptible to SQL injection, as identified by CVE-2021-47956. This vulnerability allows unauthenticated attackers to inject malicious SQL code through the firstname parameter. By sending crafted POST requests to the insert.php endpoint, attackers can manipulate database queries to extract sensitive information. Successful exploitation of this flaw could lead to unauthorized access to data stored within the application’s database. This vulnerability poses a significant risk to systems running the affected version of PHPCRUD due to the ease of exploitation and potential for significant data compromise.

Attack Chain

  1. Attacker identifies a PHPCRUD 1.0 instance.
  2. Attacker crafts a malicious SQL injection payload.
  3. Attacker sends an HTTP POST request to /insert.php.
  4. The POST request includes the crafted SQL injection payload in the firstname parameter.
  5. The application’s insert.php script processes the POST request without proper sanitization.
  6. The unsanitized firstname parameter is incorporated into an SQL query.
  7. The malicious SQL query is executed against the database.
  8. The attacker extracts sensitive data from the database.

Impact

Successful exploitation of this SQL injection vulnerability allows an attacker to read, modify, or delete sensitive information within the PHPCRUD 1.0 database. This may include user credentials, personal data, or other confidential application data. The CVSS v3.1 score of 8.2 highlights the high severity, reflecting the potential for significant data compromise.

Recommendation

  • Apply any patches or updates provided by EgavilanMedia that remediate CVE-2021-47956.
  • Implement the Sigma rule “Detect CVE-2021-47956 Exploitation — PHPCRUD SQL Injection” to identify potential exploitation attempts targeting the vulnerable insert.php endpoint.
  • Review and sanitize all user inputs, especially those passed via HTTP POST requests, to prevent SQL injection attacks.
  • Implement parameterized queries or prepared statements to prevent SQL injection vulnerabilities.
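
The last recommendation, shown as an added example (not EgavilanMedia's code and not taken from insert.php): a concatenated INSERT beside a prepared statement, run against a constructed input. The table name, column names, function names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made so the snippet runs on its own.

```php
<?php
declare(strict_types=1);
// Hypothetical schema: "people", "firstname" and "lastname" are assumed names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, firstname TEXT NOT NULL, lastname TEXT NOT NULL)');

// Weak pattern: request values are concatenated into the statement text.
function insert_concatenated(PDO $pdo, array $post): void
{
    $sql = "INSERT INTO people (firstname, lastname) VALUES ('"
         . $post['firstname'] . "', '" . $post['lastname'] . "')";
    $pdo->exec($sql);
}

// Corrected pattern: the statement text is fixed and values are bound as parameters.
function insert_prepared(PDO $pdo, array $post): int
{
    $first = trim((string)($post['firstname'] ?? ''));
    $last  = trim((string)($post['lastname'] ?? ''));
    // Emptiness and length checks are input validation, not the injection defence.
    if ($first === '' || $last === '' || strlen($first) > 100 || strlen($last) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    $stmt = $pdo->prepare('INSERT INTO people (firstname, lastname) VALUES (:first, :last)');
    $stmt->execute([':first' => $first, ':last' => $last]);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input: a legitimate name that contains a quote character.
$post = ['firstname' => "D'Arcy", 'lastname' => 'Example'];

try {
    insert_concatenated($pdo, $post);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // The quote closed the string literal early, so the input changed the SQL itself.
    echo "concatenated: input altered the statement structure\n";
}

$id = insert_prepared($pdo, $post);
$check = $pdo->prepare('SELECT firstname FROM people WHERE id = ?');
$check->execute([$id]);
echo 'prepared: stored firstname = ' . $check->fetchColumn() . "\n";
```

When the backend is MySQL accessed through PDO, set `PDO::ATTR_EMULATE_PREPARES` to `false` so that binding is performed by the database server.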

Detection coverage (2 rules)

Detect CVE-2021-47956 Exploitation — PHPCRUD SQL Injection

high

Detects CVE-2021-47956 exploitation — SQL injection attempts in PHPCRUD 1.0 via the firstname parameter in insert.php

sigma | tactics: initial_access | techniques: T1190, T1505.003 | sources: webserver

Detect Generic SQL Injection Attempts via POST

medium

Detects generic SQL injection attempts in POST requests using common SQL injection syntax

sigma | tactics: initial_access | techniques: T1190 | sources: webserver
