Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13NGYzLTdmN2MteDY1Ms00Eg

SQL Injection in tribalsystems/zenario

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 and prior allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module.

Permalink: https://github.com/advisories/GHSA-w4f3-7f7c-x652
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NGYzLTdmN2MteDY1Ms00Eg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 10 months ago


CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Identifiers: GHSA-w4f3-7f7c-x652, CVE-2021-26830
References: Repository: https://github.com/TribalSystems/Zenario
Blast Radius: 0.0

Affected Packages

packagist:tribalsystems/zenario
Dependent packages: 1
Dependent repositories: 1
Downloads: 188 total
Affected Version Ranges: < 8.8.53370
Fixed in: 8.8.53370
All affected versions: 7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, 7.6.41504, 7.6.41633, 7.6.42085, 7.6.42990, 7.6.47180, 7.7.42682, 7.7.42963, 7.7.42990, 7.7.44223, 7.7.47180, 7.7.47369, 7.7.48583, 8.0.44237, 8.0.44273, 8.0.44294, 8.0.44521, 8.0.45032, 8.0.45250, 8.0.45529, 8.0.47180, 8.0.48583, 8.1.45530, 8.1.45698, 8.1.46089, 8.1.46433, 8.1.46615, 8.1.47180, 8.1.47369, 8.1.48583, 8.2.46436, 8.2.46614, 8.2.47180, 8.2.47369, 8.2.47992, 8.2.48583, 8.3.47997, 8.3.48583, 8.3.50564, 8.4.50565, 8.4.51340, 8.5.50567, 8.5.50837, 8.5.51340, 8.6.51342
All unaffected versions: 8.8.53370, 8.8.53725, 8.8.54063, 8.9.54063, 8.9.54149, 8.9.54153, 8.9.55141, 9.0.54156, 9.0.55141, 9.0.57473, 9.1.55143, 9.1.55510, 9.1.55619, 9.1.57473, 9.2.55826, 9.2.57169, 9.2.57473, 9.3.57186, 9.3.57474, 9.3.57595, 9.3.57709, 9.3.57754, 9.3.58670, 9.4.58686, 9.4.59197, 9.4.59574, 9.4.60437, 9.5.59574, 9.5.59647, 9.5.60240, 9.5.60437, 9.5.60602, 9.6.60604, 9.6.60771