CVE-2021-42655
Description
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A SQL injection vulnerability in SiteServer CMS V6.15.51 allows authenticated attackers to execute arbitrary SQL commands via the `/api/pages/cms/libraryText/list` endpoint.
Vulnerability
SiteServer CMS version 6.15.51 is affected by a SQL injection vulnerability in the `/api/pages/cms/libraryText/list` endpoint [1][3]. The `keyword` parameter in the JSON POST body is not properly sanitized, allowing an attacker to inject SQL commands. The vulnerability requires the attacker to have a valid session (i.e., must be authenticated) [3].
Exploitation
An attacker with a valid login session sends a crafted POST request to `/api/pages/cms/libraryText/list` with `Content-Type: application/json`. The JSON body includes `"keyword":"' and 1=(select @@Version)--"` (or similar SQL payload) to trigger the injection. The exploit does not require special privileges beyond standard user access [3].
Impact
Successful exploitation allows the attacker to execute arbitrary SQL commands against the underlying SQL Server database. This can lead to disclosure of sensitive data (e.g., user credentials, application content) and potential modification or deletion of database records [1][3].
Mitigation
As of the available references, no official patched version has been released. Users should upgrade to a newer version if available, or apply input validation and parameterized queries to the affected endpoint. Monitor the vendor's GitHub repository for future fixes [1][2]. Workarounds include restricting access to the endpoint and reviewing database permissions.
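The parameterized-query mitigation named above, as an added sketch that is not SiteServer CMS code: it uses an in-memory SQLite table as a stand-in for the SQL Server backend, and the table name, column names, sample rows and the 100-character limit are assumptions. It shows the keyword quoted under Exploitation being bound as data, with `LIKE` wildcards escaped so the keyword can only match literally.

```python
import sqlite3

# Value quoted in the Exploitation section of this page.
PAGE_KEYWORD = "' and 1=(select @@Version)--"

def make_db():
    # Constructed stand-in table; the real schema is not given on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE library_text (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO library_text (title) VALUES (?)",
        [("Release notes",), ("100% coverage plan",), ("Version history",)],
    )
    return db

def concatenated_sql(keyword):
    # The "before" shape (hypothetical): the keyword becomes part of the SQL
    # text, so a single quote in it ends the string literal and whatever
    # follows is parsed as SQL. Built here only as a string, never executed.
    return "SELECT id, title FROM library_text WHERE title LIKE '%" + keyword + "%'"

def escape_like(keyword):
    # Escape the escape character first, then the LIKE wildcards.
    return keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search(db, keyword, max_len=100):
    # Input validation: type and length only; quoting is left to the driver.
    if not isinstance(keyword, str) or len(keyword) > max_len:
        raise ValueError("keyword must be a string of at most %d characters" % max_len)
    pattern = "%" + escape_like(keyword) + "%"
    # Bound parameter: the value travels separately from the statement text.
    rows = db.execute(
        "SELECT id, title FROM library_text "
        "WHERE title LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    )
    return [title for _id, title in rows]

if __name__ == "__main__":
    db = make_db()
    print(concatenated_sql(PAGE_KEYWORD))  # quote closes the literal early
    print(search(db, PAGE_KEYWORD))        # treated as plain text
    print(search(db, "version"))           # ordinary keyword search
    print(search(db, "%"))                 # wildcard matched literally
```
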
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| SSCMS (NuGet) | <= 6.15.51 | — |
Affected products
- SiteServer/CMS
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-5xr5-v2h7-2w7w (source: ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-42655 (source: ghsa; ADVISORY)
- github.com/siteserver/cms/issues/3237 (source: ghsa; x_refsource_MISC, WEB)
- github.com/siteserver/cms/releases/download/siteserver-v6.15.51/siteserver_install.zip (source: mitre; x_refsource_MISC)