CVE-2021-24295 - OpenCVE

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cleantalk	Spam Protection\, Antispam\, Firewall

Configuration 1 [-]

cpe:2.3:a:cleantalk:spam_protection\,_antispam\,_firewall:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b	Third Party Advisory
https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-05-17T16:48:53

Updated: 2021-05-17T16:48:53

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24295

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-17T17:15:08.243

Modified: 2021-05-24T19:08:16.643

Link: CVE-2021-24295

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Spam protection, AntiSpam, FireWall by CleanTalk", "vendor": "\u0421leanTalk", "versions": [{"lessThan": "5.153.4", "status": "affected", "version": "5.153.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ramuel Gall"}], "descriptions": [{"lang": "en", "value": "It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-17T16:48:53", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/"}], "source": {"discovery": "UNKNOWN"}, "title": "Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24295", "STATE": "PUBLIC", "TITLE": "Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spam protection, AntiSpam, FireWall by CleanTalk", "version": {"version_data": [{"version_affected": "<", "version_name": "5.153.4", "version_value": "5.153.4"}]}}]}, "vendor_name": "\u0421leanTalk"}]}}, "credit": [{"lang": "eng", "value": "Ramuel Gall"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b"}, {"name": "https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24295", "datePublished": "2021-05-17T16:48:53", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-05-17T16:48:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}