20200309 Authenticated SQL injection
Arjen van Bochoven edited this page Mar 9, 2020
Authenticated SQL injection - CVE-2020-10190
Description
A logged-in admin can craft a special request, using their admin session credentials, to inject arbitrary SQL into a web query. This can lead to reading records outside the authorization of that admin, for instance when using Business Units. Using this special request, it is also possible to alter and delete arbitrary records.
Vulnerability: All versions of MunkiReport < 5.3.0 are vulnerable
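As an added illustration of the class of fix (this is not MunkiReport's own tablequery.php, which the page does not reproduce), the builder below takes column names only from an allowlist and passes values as PDO bound parameters, so a request from an authenticated user cannot alter the SQL itself; the table and column names are constructed for the example.

```php
<?php
// Added example, not MunkiReport code: a table-query builder in which
// identifiers are allowlisted and values are bound, never interpolated.
final class SafeTableQuery
{
    private string $table;
    /** @var string[] columns a request may select, filter or sort on */
    private array $allowedColumns;

    public function __construct(string $table, array $allowedColumns)
    {
        $this->table = $table;
        $this->allowedColumns = $allowedColumns;
    }

    /**
     * Returns [sql, params] for PDO::prepare()/execute().
     * $filters (column => value), $sortCol and $sortDir come from the request.
     * Column names are checked against the allowlist; values never enter the SQL text.
     */
    public function build(array $filters, string $sortCol, string $sortDir, int $limit): array
    {
        if (!in_array($sortCol, $this->allowedColumns, true)) {
            throw new InvalidArgumentException("unknown sort column");
        }
        $dir = strtoupper($sortDir) === 'DESC' ? 'DESC' : 'ASC';

        $where = [];
        $params = [];
        foreach ($filters as $col => $value) {
            if (!in_array($col, $this->allowedColumns, true)) {
                throw new InvalidArgumentException("unknown filter column: $col");
            }
            $where[] = sprintf('`%s` = :f_%s', $col, $col);
            $params[':f_' . $col] = $value;
        }
        $cols = implode(', ', array_map(fn($c) => "`$c`", $this->allowedColumns));
        $sql = sprintf('SELECT %s FROM `%s`', $cols, $this->table);
        if ($where) {
            $sql .= ' WHERE ' . implode(' AND ', $where);
        }
        $sql .= sprintf(' ORDER BY `%s` %s LIMIT %d', $sortCol, $dir, max(1, $limit));
        return [$sql, $params];
    }
}

// Constructed request: the value is bound, and a sort column carrying SQL is rejected.
$q = new SafeTableQuery('machine', ['serial_number', 'hostname', 'last_seen']);
[$sql, $params] = $q->build(['hostname' => 'lab-01'], 'last_seen', 'desc', 25);
try {
    $q->build([], 'last_seen; --', 'asc', 25);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```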
Mitigation
Update MunkiReport to the latest version (Preferred)
- Version specific upgrade notes - https://github.com/munkireport/munkireport-php/wiki/How-to-Upgrade-Versions
- General upgrade documentation - https://github.com/munkireport/munkireport-php/wiki/General-Upgrade-Procedures
If updating to the latest version is not possible:
- Update munkireport-php/app/models/tablequery.php to the version that ships with MR 5.3.0: replace that file with the one you can download here: https://github.com/munkireport/munkireport-php/blob/71d4de2898fde211e57d418a5b7750ed54aef6f3/app/models/tablequery.php This should work for MunkiReport version 3.0.0 and up.