Cyber Resilience

CVE-2021-47777

High · Public PoC

Published: 15 January 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: none listed
CVSS Score v4: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N)
EPSS Score: 0.0022 (12.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2021-47777 is a high-severity SQL Injection (CWE-89) vulnerability in Build Smart ERP 21.0817 from RIB CCS (vendor inferred from references). Its CVSS v4 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-47777 is an unauthenticated SQL injection vulnerability affecting Build Smart ERP version 21.0817, specifically in the 'eidValue' parameter of the login validation endpoint. This flaw, classified under CWE-89, allows attackers to inject stacked SQL queries such as ';WAITFOR DELAY '0:0:3'--. In that payload the leading quote terminates the original string literal, the semicolon starts a second statement, and the trailing -- comments out whatever the application appends. WAITFOR DELAY is Transact-SQL, so the payload also indicates a Microsoft SQL Server backend and gives a time-based (blind) confirmation: a response delayed by roughly three seconds shows that the injected statement executed. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high severity due to its potential for significant confidentiality impact with low integrity impact and no availability disruption.

Any unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the login validation endpoint, requiring no privileges or user interaction. Successful exploitation allows manipulation of database queries, potentially leading to extraction or modification of sensitive database information, as demonstrated by the stacked query payload that introduces delays or further commands.
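The concatenation that produces this class of bug, set beside the parameterised lookup and allow-list check that close it, as an added example. This is not Build Smart ERP's code: the users table, its columns, the sqlite3 backend standing in for SQL Server, and the assumed shape of a valid eidValue are all assumptions; the payload is the one quoted above.

```python
import re
import sqlite3

# Payload quoted in the advisory: closes the literal, stacks a statement, comments out the tail.
PAYLOAD = "';WAITFOR DELAY '0:0:3'--"

# Assumed shape of a valid employee id; the real format is not documented on this page.
EID_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def build_vulnerable_query(eid_value: str) -> str:
    """The unsafe pattern: untrusted input spliced into SQL text.
    Returns the statement text so the effect of the payload is visible
    without sending it to a database. Table and column names are assumed."""
    return f"SELECT id, role FROM users WHERE eid = '{eid_value}'"


def split_statements(sql: str) -> list:
    """Split on ';' outside single-quoted literals. Deliberately crude (not a
    SQL parser); it only shows how many statements the backend would see."""
    parts, buf, in_str = [], [], False
    for ch in sql:
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if "".join(buf).strip():
        parts.append("".join(buf).strip())
    return parts


def is_well_formed_eid(eid_value: str) -> bool:
    """SI-10 style allow-list check, applied before any query is built."""
    return EID_RE.fullmatch(eid_value) is not None


def setup_demo_db() -> sqlite3.Connection:
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, eid TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "E1001", "admin"), (2, "E1002", "user")])
    return conn


def lookup_parameterized(conn: sqlite3.Connection, eid_value: str):
    """Hardened lookup: the value is bound as a parameter, so the driver sends it
    as data and the payload is compared as a literal string, never parsed as SQL.
    Returns (id, role) or None. Paramstyle differs by driver ('?' here, '%s' for
    pymssql/psycopg)."""
    return conn.execute(
        "SELECT id, role FROM users WHERE eid = ?", (eid_value,)
    ).fetchone()


def validate_login_safe(conn: sqlite3.Connection, eid_value: str):
    """Both layers together: reject malformed ids early, then bind the parameter."""
    if not is_well_formed_eid(eid_value):
        return None
    return lookup_parameterized(conn, eid_value)


if __name__ == "__main__":
    print(build_vulnerable_query(PAYLOAD))
    for i, stmt in enumerate(split_statements(build_vulnerable_query(PAYLOAD)), 1):
        print(f"  statement {i}: {stmt}")
    conn = setup_demo_db()
    print("parameterized, valid id:", lookup_parameterized(conn, "E1001"))
    print("parameterized, payload: ", lookup_parameterized(conn, PAYLOAD))
```

Run stand-alone, the first print shows the assembled text with the payload, and the split shows the backend would receive two statements; the parameterised lookup returns a row for a real id and None for the payload, because the bound string simply matches no eid. The allow-list is the SI-10 layer and parameter binding is the one that actually removes the injection; keep both, since the allow-list can be loosened later by someone who needs a wider id format.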

Advisories and additional details are available through references including the vendor solution page at https://ribccs.com/solutions/solution-buildsmart and a proof-of-concept exploit at https://www.exploit-db.com/exploits/50445.


Vulnerability details

Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information.

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote SQL injection in a public-facing ERP login endpoint directly enables T1190 (Exploit Public-Facing Application) for database manipulation and data access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
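Detection for attempts at this technique in web-server logs, as an added example (not part of the original page or any vendor tooling). It scans constructed access-log lines for the stacked, time-based payload style quoted above in the eidValue parameter and treats a WAITFOR DELAY payload followed by a matching response delay as evidence the injected statement ran. The path /login/validate and the trailing response-time field are assumptions; the page does not name the real endpoint.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (combined format plus a trailing response-time
# field in milliseconds). /login/validate is a placeholder path.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2026:10:00:01 +0000] "GET /login/validate?eidValue=E1001 HTTP/1.1" 200 512 41
203.0.113.7 - - [15/Jan/2026:10:00:02 +0000] "GET /login/validate?eidValue=E1001%27 HTTP/1.1" 500 311 39
203.0.113.7 - - [15/Jan/2026:10:00:03 +0000] "GET /login/validate?eidValue=%27%3BWAITFOR+DELAY+%270%3A0%3A3%27-- HTTP/1.1" 200 512 3052
198.51.100.9 - - [15/Jan/2026:10:00:04 +0000] "GET /login/validate?eidValue=E1002 HTTP/1.1" 200 512 38
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<ms>\d+)$'
)

# Signatures for the stacked / time-based payload style quoted in the advisory,
# checked against the URL-decoded parameter value.
SQLI_PATTERNS = [
    ("stacked_statement", re.compile(r"'\s*;")),
    ("tsql_waitfor", re.compile(r"\bWAITFOR\s+DELAY\b", re.IGNORECASE)),
    ("comment_terminator", re.compile(r"--|/\*")),
]


@dataclass
class Finding:
    ip: str
    ts: str
    status: int
    response_ms: int
    value: str
    reasons: list


def analyze_log(text: str, param: str = "eidValue", delay_threshold_ms: int = 2500) -> list:
    """Flag requests whose parameter value carries SQLi markers. A WAITFOR DELAY
    payload paired with a response time past the threshold is the strongest
    signal: it means the injected statement actually executed. A 5xx on a
    request with a lone quote is the classic error-based probe."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for value in query.get(param, []):
            reasons = [name for name, pat in SQLI_PATTERNS if pat.search(value)]
            if value.count("'") % 2 == 1:
                reasons.append("unbalanced_quote")
            ms = int(m["ms"])
            status = int(m["status"])
            if "tsql_waitfor" in reasons and ms >= delay_threshold_ms:
                reasons.append("delay_matches_payload")
            if reasons and status >= 500:
                reasons.append("server_error")
            if reasons:
                findings.append(Finding(m["ip"], m["ts"], status, ms, value, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} status={f.status} {f.response_ms}ms {f.value!r} -> {', '.join(f.reasons)}")
```

The decoded-value check matters: the payload arrives percent-encoded with '+' for spaces, so a rule that greps the raw request line for "WAITFOR DELAY" misses it. The delay correlation is what separates a scanner throwing payloads at a patched host from a successful injection, so it is the finding worth paging on.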

CVEs Like This One

CVE-2026-24956 (shared CWE-89)
CVE-2026-33615 (shared CWE-89)
CVE-2025-28939 (shared CWE-89)
CVE-2021-47872 (shared CWE-89)
CVE-2025-28873 (shared CWE-89)
CVE-2019-25636 (shared CWE-89)
CVE-2026-32611 (shared CWE-89)
CVE-2026-42755 (shared CWE-89)
CVE-2024-53544 (shared CWE-89)
CVE-2026-21410 (shared CWE-89)

Affected Assets

RIB CCS (ribccs.com): Build Smart ERP 21.0817
Vendor and product inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation · prevent
Directly prevents SQL injection by requiring validation of untrusted inputs such as the 'eidValue' parameter in the login endpoint before database query execution.

SI-2 Flaw Remediation · prevent
Mandates identification, reporting, and correction of flaws like this unauthenticated SQL injection vulnerability in the application.

Vulnerability scanning · detect
Facilitates detection of SQL injection vulnerabilities through vulnerability scanning, enabling timely remediation of issues like CVE-2021-47777.

References

Vendor solution page: https://ribccs.com/solutions/solution-buildsmart
Proof-of-concept exploit: https://www.exploit-db.com/exploits/50445