CVE-2021-47720
Authenticated SQL Injection in Orangescrum 1.8.0 Enables Data Manipulation
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| orangescrum | orangescrum | 1.8.0 |
| php | php | 5.6.40 |
| apache | http_server | 2.4.38 |
| openssl | openssl | 1.0.2q |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how the authenticated SQL injection vulnerability in Orangescrum 1.8.0 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2021-47720 is an authenticated SQL injection vulnerability in Orangescrum version 1.8.0. It allows authorized users to inject malicious SQL code into multiple parameters such as old_project_id, project_id, uuid, and uniqid. This improper input handling enables attackers to manipulate database queries, potentially extracting or modifying sensitive database information. [2, 3]
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to manipulate database queries, leading to unauthorized extraction or modification of database information. This can compromise the confidentiality and integrity of your data, potentially exposing sensitive project management information or altering it without authorization. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending authenticated HTTP POST requests to the endpoint /orangescrum/easycases/move_task_to_project with SQL injection payloads in parameters such as old_project_id, project_id, uuid, and uniqid. For example, injecting a single quote (') into the old_project_id parameter (e.g., old_project_id=2') can trigger a SQL error resulting in an HTTP 500 Internal Server Error response, indicating the presence of the vulnerability. Conversely, submitting escaped quotes ('') returns a normal HTTP 200 OK response. Detection commands could involve using curl or similar tools to send such crafted POST requests with these parameters and observing the HTTP response codes and error messages. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected Orangescrum 1.8.0 application to trusted users only, as the vulnerability requires authenticated access. Additionally, monitor and audit database queries and application logs for suspicious activity involving the vulnerable parameters. Applying input validation and sanitization on parameters like old_project_id, project_id, uuid, and uniqid is critical. If available, update Orangescrum to a version where this vulnerability is patched. If no patch is available, consider implementing web application firewall (WAF) rules to block malicious SQL injection payloads targeting these parameters. [2, 3]
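The detection and log-monitoring advice above can be applied to existing web server logs. The following is an added example, not code from Orangescrum or from the advisory: it scans Apache access log lines for POST requests to the endpoint named above that ended in HTTP 500 and counts them per client. The combined log format, the threshold, and the sample lines are assumptions; access logs do not record POST bodies, so a hit only marks a request worth investigating, since a 500 can have other causes.

```python
import re
from collections import Counter

# Endpoint named in the detection answer above.
ENDPOINT = "/orangescrum/easycases/move_task_to_project"

# Apache common/combined format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspect_requests(lines):
    """Return parsed entries for POSTs to ENDPOINT that ended in HTTP 500."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] == "POST" and path == ENDPOINT and m["status"] == "500":
            hits.append(m.groupdict())
    return hits

def summarize(hits, threshold=2):
    """Map client address -> number of 500s, for clients at or above threshold."""
    counts = Counter(h["host"] for h in hits)
    return {host: n for host, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [23/Dec/2025:10:01:02 +0000] "POST /orangescrum/easycases/move_task_to_project HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2025:10:01:09 +0000] "POST /orangescrum/easycases/move_task_to_project HTTP/1.1" 500 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2025:10:01:15 +0000] "POST /orangescrum/easycases/move_task_to_project HTTP/1.1" 500 1843 "-" "Mozilla/5.0"
203.0.113.20 - - [23/Dec/2025:10:02:00 +0000] "GET /orangescrum/dashboard HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
203.0.113.20 - - [23/Dec/2025:10:02:31 +0000] "POST /orangescrum/easycases/move_task_to_project HTTP/1.1" 500 1843 "-" "Mozilla/5.0"
203.0.113.20 - - [23/Dec/2025:10:03:10 +0000] "POST /orangescrum/users/login HTTP/1.1" 500 300 "-" "Mozilla/5.0"
this line is not an access log entry
""".splitlines()

if __name__ == "__main__":
    hits = find_suspect_requests(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["host"], h["path"], h["status"])
    print("clients with repeated 500s:", summarize(hits))
```

To use it on real data, pass the lines of the server's access log to find_suspect_requests instead of SAMPLE_LOG and correlate the hits with the authenticated session and the application's SQL error log.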