| Field | Value |
|---|---|
| Title | gopeak MasterLab ≤v3.3.10 Pre-Auth SQL Injection |
| Description | MasterLab is a project management tool that offers task management, issue tracking, and team collaboration features through its web platform. A pre-authentication SQL injection vulnerability has been identified in an earlier version of MasterLab (version 3.3.10 and below). This vulnerability is located in the `sqlInject` function within the `app/ctrl/framework/Feature.php` file.<br><br>The `sqlInject` function fails to properly sanitize or escape the user-supplied `pwd` parameter, allowing an attacker to construct malicious SQL queries to manipulate the database. The presence of the vulnerability may be due to the developers creating this piece of code for testing purposes but then forgetting to remove it.<br><br>An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the `/framework/feature/sqlInject` endpoint with malicious SQL code, such as `pwd=1' or sleep(5)='1`, which would cause the database to execute the sleep function, resulting in a 5-second response delay. This delay indicates the successful execution of an SQL injection attack. The exploitation of this vulnerability does not require the attacker to be authenticated, hence it is classified as a pre-authentication SQL injection vulnerability.<br><br>Since this vulnerability could allow unauthorized attackers to execute arbitrary SQL statements, it could lead to sensitive data exposure, data tampering, or even full database compromise. Therefore, it is considered a critical security issue that requires immediate attention. Users of MasterLab v3.3.10 and below are advised to upgrade to the latest version as soon as possible to mitigate potential security risks. |
| Source | https://note.zhaoj.in/share/4HDWrBHGCf9e |
| User | glzjin (UID 59815) |
| Submission | 27.12.2023 10:39 (2 years ago) |
| Moderation | 28.12.2023 09:33 (23 hours later) |
| Status | accepted |
| VulDB Entry | 249147 [gopeak MasterLab up to 3.3.10 HTTP POST Request Feature.php sqlInject pwd SQL injection] |
| Points | 20 |