SQL Injection in slackero/phpwcms

Valid

Reported on

Aug 21st 2021


✍️ Description

Data enters a program from an untrusted source

🕵️‍♂️ Proof of Concept

if($result = mysqli_query($db, 'SELECT * FROM '. ($phpwcms["db_prepend"] ? $phpwcms["db_prepend"].'_' : '').'phpwcms_user')) {

💥 Impact

A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.

We have contacted a member of the slackero/phpwcms team and are waiting to hear back 4 months ago
Oliver Georgi validated this vulnerability 3 months ago
rohit75033 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Oliver Georgi
3 months ago

Maintainer


Usually no problem here because the user having access has all permissions top access the database.

Oliver Georgi confirmed that a fix has been merged on 77dafb 3 months ago
Oliver Georgi has been awarded the fix bounty