Submit #90781: SOURCECODESTER Employee Task Management System 1.0 / edit-task.php task_id SQL Injection

Title: SOURCECODESTER Employee Task Management System 1.0 / edit-task.php task_id SQL Injection
Description: Low-privilege authenticated SQL injection vulnerability found in Employee Task Management System v1.0.

Vendor Homepage: https://www.sourcecodester.com
Software Link: Employee Task Management System (https://www.sourcecodester.com/php/15383/employee-task-management-system-phppdo-free-source-code.html)
Version: v1.0

Details of the Issue:
The Employee Task Management System supports two user roles, admin and normal employee. The roles are as follows:
- Admin users have full access to the system.
- Employee users have access to only a few menus, i.e. Task Management (assigned tasks only) and Attendance (clock in and out).
So if the admin assigns a task to a normal employee, that employee can perform SQL injection by editing the task from his/her profile. A low-privileged user could therefore gain access to the full system.

Affected Page: edit-task.php
On this page, the task_id parameter is vulnerable to SQL injection.

Proof of Concept:
1. Admin assigns a task to an employee (ABC).
2. Employee ABC edits the task and can perform SQL injection via the vulnerable parameter (edit-task.php?task_id=765).
The following payload can be used to exploit the SQL injection on this page:
URL: localhost/etms/edit-task.php?task_id=765%27+and+false+union+select+1,version(),3,database(),user(),6,7--+-

Recommendation:
Whoever uses this CMS should update line 27 of edit-task.php with the following code to avoid SQL injection:

Old Code (vulnerable: $task_id is interpolated directly into the query string):
    $sql = "SELECT * FROM task_info WHERE task_id='$task_id' ";

New Code (PDO prepared statement; the value is bound as a parameter, not concatenated into the SQL):
    $sql = $obj_admin->db->prepare("SELECT * FROM task_info WHERE task_id=:task_id ");
    $sql->bindParam(':task_id', $task_id);
    $sql->execute();
    $row = $sql->fetch(PDO::FETCH_ASSOC);
Source: https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20SQL%20Injection.md
User: navaidansari (ID 41266)
Submission: 02/17/2023 20:45 (1 year ago)
Moderation: 02/18/2023 08:35 (12 hours later)
Status: Accepted
VulDB Entry: VDB-221452
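The following is an added example, not code from the submission, the submitter's repository or the vendor's application. It implements the recommendation in the description above (a PDO prepared statement for the task_info lookup on edit-task.php) and adds two checks the submission does not spell out: task_id is validated as a positive integer before it reaches SQL, and the query is scoped to the employee who is logged in, which addresses the "low-privileged user edits an assigned task" path. The column name assigned_to, the function name load_task and the in-memory SQLite database (requiring the pdo_sqlite extension) are assumptions made so the script runs stand-alone; the rows inserted are constructed sample data.

```php
<?php
// Added example (not part of the VulDB submission or the vendor's code).
// Hardened replacement for the task lookup on edit-task.php.
declare(strict_types=1);

// In-memory SQLite stands in for the application's MySQL database so the
// script runs stand-alone; the rows below are constructed sample data.
// The column "assigned_to" is an assumed name, not taken from the product.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE task_info (task_id INTEGER PRIMARY KEY, title TEXT, assigned_to INTEGER)');
$db->exec("INSERT INTO task_info VALUES (765, 'Prepare report', 12), (766, 'Audit logs', 13)");

/**
 * Load a single task for editing.
 *
 * Returns the row, or null when the id is malformed, unknown, or assigned
 * to a different employee. The caller maps null to a 400/404 response.
 */
function load_task(PDO $db, string $raw_task_id, int $employee_id): ?array
{
    // Reject anything that is not a plain positive integer before it is
    // used in SQL. filter_var() returns false for strings with a quote,
    // a comment sequence or any other non-digit content.
    $task_id = filter_var($raw_task_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($task_id === false) {
        return null;
    }

    // Bound parameters travel separately from the query text, so the value
    // can never alter the statement's structure. Scoping by employee id
    // (taken from the authenticated session, never from the request) also
    // stops an employee from opening another employee's task.
    $stmt = $db->prepare(
        'SELECT task_id, title, assigned_to FROM task_info WHERE task_id = :task_id AND assigned_to = :employee_id'
    );
    $stmt->bindValue(':task_id', $task_id, PDO::PARAM_INT);
    $stmt->bindValue(':employee_id', $employee_id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration with constructed inputs standing in for $_GET['task_id']
// and the employee id of the authenticated session.
$cases = [
    ['765', 12],               // employee 12 editing its own task: row returned
    ['766', 12],               // another employee's task: null (not found for this user)
    ["765' or '1'='1", 12],    // non-integer input: rejected before any query runs
];
foreach ($cases as [$input, $employee]) {
    $result = load_task($db, $input, $employee);
    printf("task_id=%s employee=%d -> %s\n", var_export($input, true), $employee,
        $result === null ? 'rejected' : json_encode($result));
}
```

Two points of design: the integer check is defence in depth, not a replacement for the prepared statement (the binding alone is what makes the query safe against injection), and returning null for both "unknown id" and "someone else's id" keeps the response identical in both cases, so the page does not reveal which task ids exist.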
