CVE-2021-27581: 
Kentico Xperience vulnerability analysis and mitigation

The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 contains a critical SQL injection vulnerability that was discovered in February 2021. The vulnerability allows SQL injection attacks via the 'tagname' parameter, which can be exploited without requiring authentication (Obrela Blog). The vulnerability was assigned CVE-2021-27581 and was publicly disclosed on March 5, 2021 (NVD).

The vulnerability is a time-based blind SQL injection that exists in the Blog module's handling of the 'tagname' parameter. When exploited, the vulnerability allows attackers to interact with the backend Microsoft SQL server database through specially crafted requests. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical), indicating its severe nature. A sample exploit payload has been documented: tagname=test'+(SELECT CHAR(118)+CHAR(103)+CHAR(85)+CHAR(89) WHERE 1718=1718 AND 6176=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7))+'&groupid=1 (GitHub Gist).

Successful exploitation of this vulnerability allows unauthorized access, modification, and deletion of stored data in the backend database. Under specific conditions, it could potentially lead to complete compromise of the underlying operating system hosting Kentico (Obrela Blog).

The software vendor has advised users to update Kentico CMS to the latest version that is not vulnerable to this security flaw (Obrela Blog).