SQL Injection in "utilisateurs.php" id_utilisateur POST parameter (Authenticated) #5

Open
Frentzen opened this issue Jun 12, 2022 · 1 comment

@Frentzen
Product Version: 9.4.0

Author: Frentzen

CVE Assigned: CVE-2021-41672

Vulnerability Description: An authenticated user (with some administrator privileges) can inject a malicious query in order to achieve SQL injection via the "id_utilisateur" POST parameter on the /peel-shopping_9_4_0/administrer/utilisateurs.php endpoint. After this attack, an attacker can read sensitive information from the database and even modify its data.

Vulnerable URL: http://localhost/peel-shopping_9_4_0/administrer/utilisateurs.php

Proof of Concept:

[Image: cverequest2]

[Image: cveresponse]

@fgeek
fgeek commented Jun 20, 2022

Looks like prepared statements are not used at all (checked multiple PHP files), so there will be a lot more SQL injections. All of the queries need an update.
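Added example, not part of the issue thread and not PEEL's code: the concatenation pattern the report describes next to a validated, parameterized lookup for `id_utilisateur`. It assumes PDO with an in-memory SQLite database; the table layout, column names, rows and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the shop's user table (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE utilisateurs (id_utilisateur INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO utilisateurs VALUES (1, 'alice@example.test'), (2, 'bob@example.test')");

// Pattern reported in the issue: the POST value becomes part of the SQL text,
// so a non-numeric value can change the structure of the statement.
function findUserConcatenated(PDO $pdo, string $idFromPost): array
{
    $sql = 'SELECT email FROM utilisateurs WHERE id_utilisateur = ' . $idFromPost;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: reject anything that is not a positive integer, then bind the
// value as a typed parameter so it is never parsed as SQL.
function findUserPrepared(PDO $pdo, string $idFromPost): array
{
    $id = filter_var($idFromPost, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_utilisateur must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT email FROM utilisateurs WHERE id_utilisateur = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$legit    = '1';
$tampered = '1 OR 1=1'; // constructed non-numeric input

printf("concatenated, legit:    %d row(s)\n", count(findUserConcatenated($pdo, $legit)));
printf("concatenated, tampered: %d row(s)\n", count(findUserConcatenated($pdo, $tampered)));
printf("prepared, legit:        %d row(s)\n", count(findUserPrepared($pdo, $legit)));

try {
    findUserPrepared($pdo, $tampered);
} catch (InvalidArgumentException $e) {
    printf("prepared, tampered:     rejected (%s)\n", $e->getMessage());
}
```

The same split applies to every query in the code base: SQL text is a fixed string, and request values reach the database only through bound parameters.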
