Critical severityNVD Advisory· Published Apr 16, 2021· Updated Aug 3, 2024
CVE-2021-26830
CVE-2021-26830
Description
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tribalsystems/zenarioPackagist | < 8.8.53370 | 8.8.53370 |
Affected products
2- Tribalsystems/Zenario CMSdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-w4f3-7f7c-x652ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-26830ghsaADVISORY
- edhunter484.medium.com/blind-sql-injection-on-zenario-cms-b58b6820c32dghsaWEB
- github.com/TribalSystems/Zenario/commit/2c82a4d126c8446106347ef603b157f2d4175fd1ghsaWEB
- github.com/TribalSystems/Zenario/releases/tag/8.8.53370ghsax_refsource_CONFIRMWEB
- www.exploit-db.com/exploits/49642ghsaWEB
News mentions
0No linked articles in our index yet.