CVE-2021-26830
CRITICAL 9.1 | EPSS 0.93% | SQL Injection in tribalsystems/zenario
Published: 3/18/2022 | Modified: 2/16/2024
Also known as: GHSA-w4f3-7f7c-x652
Description
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Plugin library - delete` module.
Affected packages (1)
- Packagist/tribalsystems/zenario: from 0, < 8.8.53370
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-26830
- WEB: https://edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32d
- WEB: https://github.com/TribalSystems/Zenario/commit/2c82a4d126c8446106347ef603b157f2d4175fd1
- WEB: https://github.com/TribalSystems/Zenario/releases/tag/8.8.53370
- WEB: https://www.exploit-db.com/exploits/49642