CVE-2021-25899 — AI Deep Analysis Summary

🚨 **Essence**: Blind Time-Based SQL Injection in `svc-login.php`. 💥 **Consequences**: Attackers can extract sensitive data, modify records, or execute unauthorized admin ops by manipulating HTTP requests.

🛡️ **Root Cause**: Unsanitized input in the `param1` parameter. ⚠️ **Flaw**: The application fails to validate user input before constructing SQL queries, allowing malicious payloads to alter database logic.

📦 **Affected Product**: Void Aural Rec Monitor. 📉 **Version**: Specifically **9.0.0.1**. 🏢 **Vendor**: Void (Spain).

🕵️ **Capabilities**: Extract sensitive info, modify data, or run admin commands. 🔓 **Privileges**: Runs in the context of the affected site/database, potentially granting full control over stored data.

🔓 **Auth Status**: **Unauthenticated**. 🚪 **Access**: No login required. Attackers can send crafted HTTP requests directly to the endpoint, making it extremely easy to exploit.

💻 **PoC Available**: Yes! 📂 **Source**: ProjectDiscovery Nuclei Templates (`CVE-2021-25899.yaml`). 🌐 **Public**: Widely accessible via GitHub and Trustwave research.

🔍 **Self-Check**: Scan for `svc-login.php` endpoints. 🧪 **Test**: Send time-delay payloads via `param1`. ⏱️ **Indicator**: If the server response time varies based on the payload, SQLi is likely present.

🛠️ **Fix Status**: Trustwave provided detailed case studies and advisories. 📝 **Action**: Update to a patched version if available, or apply vendor-specific security patches immediately.

🚧 **Workaround**: Block external access to `svc-login.php` via WAF or firewall rules. 🚫 **Mitigation**: Disable the service if not needed, or restrict IP access to trusted networks only.

🔥 **Priority**: **HIGH**. ⚡ **Reason**: Unauthenticated + Public PoC = High Risk. 🏃 **Action**: Patch or mitigate immediately to prevent data breaches and unauthorized access.