CVE-2021-41765

Published: Nov 15, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.

Affected (2)

Products: Montala: Resourcespace

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Montala Resourcespace	Version 9.5
Montala Resourcespace	Version 9.6

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (4)

http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php

Source: cve@mitre.org

Broken LinkVendor Advisory

https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/

Source: cve@mitre.org

ExploitThird Party Advisory

http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.