CVE-2021-47777
Description
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated SQL injection in Build Smart ERP 21.0817 allows stacked query execution via the 'eidValue' parameter.
Vulnerability Overview
Build Smart ERP version 21.0817 contains an unauthenticated SQL injection vulnerability in the login validation endpoint. The 'eidValue' parameter is not properly sanitized, allowing attackers to inject malicious SQL statements. This vulnerability is documented in both advisory and exploit sources [1][2].
Exploitation Details
The vulnerability is exploitable without authentication via a POST request to the /acc/validateLogin.asp endpoint. By supplying a payload such as ';WAITFOR DELAY '0:0:3'-- in the eidValue parameter, an attacker can perform stacked queries. The exploit requires no special privileges other than network access to the vulnerable server [2].
Impact
Successful exploitation allows an attacker to manipulate database queries, potentially extracting sensitive data, modifying records, or causing denial of service. As the database backend is Microsoft SQL Server, attackers could leverage stacked queries to execute arbitrary commands beyond initial data retrieval [2].
Mitigation
As of the disclosure date, no official patch has been confirmed. Users are advised to apply input validation or upgrade to a later version if available. The vulnerability has been publicly disclosed with a proof-of-concept exploit, increasing the risk of active exploitation [1][2].
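With no confirmed patch, the request described above (a POST to /acc/validateLogin.asp carrying stacked-query syntax in eidValue) can be flagged in web or WAF logs. The detector below is an added example, not code from the advisory or the vendor; the record layout (source, method, path, URL-encoded body, response time in ms), the rule names and the sample records are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/acc/validatelogin.asp"  # endpoint from the advisory, lower-cased
PARAM = "eidvalue"                   # parameter from the advisory, lower-cased
RULES = {
    "quote_breakout": re.compile(r"'"),
    "stacked_statement": re.compile(r";\s*[A-Za-z]"),
    "comment_terminator": re.compile(r"--|/\*"),
    "time_delay": re.compile(r"\bWAITFOR\s+DELAY\b", re.I),
}
DELAY = re.compile(r"WAITFOR\s+DELAY\s*'(\d+):(\d+):(\d+)", re.I)


def inspect_request(method, path, body):
    """Return (rule names hit by the URL-decoded eidValue, injected delay in s)."""
    if method.upper() != "POST" or path.split("?")[0].lower() != ENDPOINT:
        return [], 0
    fields = parse_qs(body, keep_blank_values=True)
    values = [v for k, vs in fields.items() if k.lower() == PARAM for v in vs]
    hits, delay = set(), 0
    for value in values:
        hits.update(name for name, rx in RULES.items() if rx.search(value))
        if (m := DELAY.search(value)):
            h, mi, s = map(int, m.groups())
            delay = max(delay, h * 3600 + mi * 60 + s)
    return sorted(hits), delay


def triage(records):
    """Label hits 'probe', or 'delay_observed' if the response outlasted the delay."""
    alerts = []
    for src, method, path, body, elapsed_ms in records:
        hits, delay = inspect_request(method, path, body)
        if hits:
            observed = delay > 0 and elapsed_ms >= delay * 1000
            alerts.append((src, "delay_observed" if observed else "probe", hits))
    return alerts


# Constructed sample records (src, method, path, body, elapsed_ms); not real traffic.
PAYLOAD = "eidValue=%27%3BWAITFOR+DELAY+%270%3A0%3A3%27--"
SAMPLE = [
    ("198.51.100.7", "POST", "/acc/validateLogin.asp", PAYLOAD, 3104),
    ("198.51.100.7", "POST", "/acc/validateLogin.asp", PAYLOAD, 41),
    ("203.0.113.20", "POST", "/acc/validateLogin.asp", "eidValue=E10442", 38),
]
```

A `delay_observed` alert means the response time matched the injected delay, which is the record to escalate first; a `probe` alert means the syntax was sent but the timing does not show that it ran.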
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 21.0817
Patches
No patches discovered yet.
References