
Cloud Vulnerability DB
A community-led vulnerabilities database
A SQL injection vulnerability was discovered in Zenario CMS version 8.8.52729, identified as CVE-2021-27672. The vulnerability exists in the admin_boxes.ajax.php file when creating a new HTML page, specifically in the 'cID' parameter. This vulnerability was discovered by Avinash R from Zacco Cyber Security Research Labs and was reported on February 5, 2021, with a fix released on February 8, 2021 in version 8.8.53370 (Medium Blog).
The vulnerability is present in the admin interface of Zenario CMS when creating new HTML pages. The 'cID' parameter in admin_boxes.ajax.php is susceptible to SQL injection attacks. The issue can be confirmed by inserting a single quote character into the cID parameter, which triggers SQL error messages. The vulnerability allows for both blind and error-based SQL injection techniques (Medium Blog).
When exploited, this vulnerability allows authenticated administrators to potentially dump all data from the database through SQL injection attacks. The vulnerability provides access to sensitive database information through the injection of SQL commands into the 'cID' parameter (Medium Blog).
The vulnerability was patched in Zenario CMS version 8.8.53370. Users should upgrade to this version or later to mitigate the risk. The fixed version is available through the official Zenario GitHub repository (Medium Blog).
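For defenders checking whether the endpoint was probed before the upgrade, the following added example (not code from the Zenario project or the cited blog) scans web access logs for requests to admin_boxes.ajax.php whose 'cID' query parameter is not purely numeric, such as the single-quote test described above. It assumes that a legitimate cID is a numeric ID carried in the query string; the log lines, the `/cms/` path and the `other` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Feb/2021:10:01:02 +0000] "GET /cms/admin_boxes.ajax.php?other=1&cID=12 HTTP/1.1" 200 512
203.0.113.10 - - [05/Feb/2021:10:01:09 +0000] "GET /cms/admin_boxes.ajax.php?other=1&cID=12%27 HTTP/1.1" 200 734
198.51.100.7 - - [05/Feb/2021:10:02:00 +0000] "GET /index.php?cID=7%27 HTTP/1.1" 200 2048
198.51.100.7 - - [05/Feb/2021:10:02:30 +0000] "POST /cms/admin_boxes.ajax.php?cID= HTTP/1.1" 200 90
"""

# Captures: client IP, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TARGET_SCRIPT = "admin_boxes.ajax.php"  # file name taken from the advisory
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_cid_requests(log_text):
    """Return one record per request to the admin script with a non-numeric cID."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, when, method, target, status = m.groups()
        parts = urlsplit(target)
        # Match on the script's file name only; the install path varies per site.
        if parts.path.rsplit("/", 1)[-1] != TARGET_SCRIPT:
            continue
        # parse_qs percent-decodes values, so %27 is compared as a single quote.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("cID", []):
            # Assumption: a legitimate cID is either empty or ASCII digits only.
            if value and not NUMERIC_RE.fullmatch(value):
                hits.append({"ip": ip, "time": when, "method": method,
                             "status": int(status), "cID": value})
    return hits


if __name__ == "__main__":
    for hit in suspicious_cid_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in standard access logs, so this check covers query-string requests only; body inspection needs WAF or application-level logging.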
Source: This report was generated using AI