SQL Injection in '/module/accounts/ajax.php' in unilogies/bumsys
Mar 2nd 2023
There exists an SQL injection affecting the
length parameters located in the file
Let's take a look at the following code:
group by company_id order by company_name ". safe_input($requestData['order']['dir']) ." LIMIT ". safe_input($requestData['start']) .", ". safe_input($requestData['length']) ."
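Even though the input variables are sanitized with safe_input(), they are concatenated into the ORDER BY and LIMIT clauses outside of any quoted string, so no quotes are needed to inject into the SQL query.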
Authenticated users are able to disclose the contents of the database.
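The point above, as an added example that is not bumsys code: a quote-escaping sanitizer leaves a quote-free value unchanged, while an allowlist for the sort direction and integer validation for the LIMIT operands constrain each value to what its position allows. Assumptions: `escape_only()` is a hypothetical stand-in for `safe_input()` (whose real behaviour may differ), `sort_direction()` and `limit_int()` are hypothetical helpers, and the request values and the 500-row cap are constructed.

```php
<?php
// Hypothetical stand-in for a quote-escaping sanitizer; the project's real
// safe_input() may behave differently.
function escape_only(string $v): string {
    return addslashes(htmlspecialchars($v, ENT_QUOTES));
}

// Allowlist the sort direction: only two keywords are ever valid here.
function sort_direction($v): string {
    return strtoupper(trim((string) $v)) === 'DESC' ? 'DESC' : 'ASC';
}

// LIMIT operands must be non-negative integers within a bounded range.
function limit_int($v, int $default, int $max): int {
    $n = filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => $max]]);
    return $n === false ? $default : $n;
}

// Constructed request data. The "length" value contains no quote characters;
// EXTRA_SQL_HERE is a placeholder for any quote-free trailing text.
$requestData = [
    'order'  => ['dir' => 'desc'],
    'start'  => '0',
    'length' => '10 EXTRA_SQL_HERE',
];

$head = "/* query head omitted */ group by company_id order by company_name ";

// Before: escaping has nothing to escape, so the trailing text reaches the
// statement as SQL syntax instead of being rejected.
$before = $head . escape_only($requestData['order']['dir'])
        . " LIMIT " . escape_only($requestData['start'])
        . ", " . escape_only($requestData['length']);

// After: each value is constrained to the grammar of its position, and
// anything that is not a plain integer falls back to the default.
$after = $head . sort_direction($requestData['order']['dir'])
       . " LIMIT " . limit_int($requestData['start'], 0, PHP_INT_MAX)
       . ", " . limit_int($requestData['length'], 10, 500);

echo $before, PHP_EOL;
echo $after, PHP_EOL;
```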
We are processing your report and will contact the unilogies/bumsys team within 24 hours. 3 months ago
Khurshid Alam validated this vulnerability 3 months ago
TsarSec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Khurshid Alam marked this as fixed in 2.2.0 with commit 1b426f a month ago
This vulnerability will not receive a CVE