CVE-2021-43329
Description
A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mumara Classic through 2.93 contains an unauthenticated SQL injection in license_update.php, allowing remote attackers to execute arbitrary SQL commands via the license parameter.
Vulnerability
A SQL injection vulnerability exists in license_update.php in Mumara Classic through version 2.93 [1][2][3]. The license POST parameter is not sanitized before being used in SQL queries, allowing an unauthenticated remote attacker to inject arbitrary SQL commands.
Exploitation
An attacker can exploit this vulnerability by sending a crafted POST request to license_update.php with a malicious license parameter. No authentication is required. The vulnerability is an error-based blind SQL injection, which can be exploited manually or using automated tools such as sqlmap [2][3]. A sample sqlmap command is: sqlmap -u https://target/license_update.php --method POST --data "license=MUMARA-Delux-01x84ndsa40&install=install" -p license --cookie="PHPSESSID=any32gbaer3jaeif108fjci9x" --dbms=mysql [2][3].
Impact
Successful exploitation allows the attacker to execute arbitrary SQL commands on the underlying MySQL database. This can lead to unauthorized access to sensitive data, modification of database contents, or potential further compromise of the server.
Mitigation
The vendor has patched the vulnerability in legitimate future versions of Mumara Classic [1]. Users should upgrade to the latest patched version. As of the publication date (2022-08-25), no specific fixed version number has been disclosed. There is no known workaround; upgrading is the recommended action.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mumara Classic/Mumara Classic
Patches
No patches discovered yet.
References
- cxsecurity.com/issue/WLB-2021110057 (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/164947/Mumara-Classic-2.93-SQL-Injection.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/164947/mumaraclassic293-sql.txt (mitre, x_refsource_MISC)
- vulners.com/zdt/1337DAY-ID-37036 (mitre, x_refsource_MISC)
- www.cyberdetails.org/2021/11/mumara-classic-293-sql-injection.html (mitre, x_refsource_MISC)
- www.exploit-db.com/exploits/50518 (mitre, x_refsource_MISC)
- www.gen.net.uk/about-us/news/50-exploit-db/18335-webapps-mumara-classic-293-license-sql-injection-unauthenticated (mitre, x_refsource_MISC)
- www.linkedin.com/posts/shain-lakin_mumara-classic-293-license-sql-injection-activity-6867380934908506112-dAJd (mitre, x_refsource_MISC)
- www.mumara.com/classic/ (mitre, x_refsource_MISC)