Alive Parish SQL Injection and Arbitrary File Upload Vulnerability

Vulnerability

Alive Parish version 2.0.4 is affected by an SQL injection vulnerability and an arbitrary file upload vulnerability. The SQL injection requires no authentication: the 'key' parameter of the search endpoint is placed into a database query without proper handling, so an attacker who injects SQL through it can read or modify data the search was never meant to expose. Separately, the photo upload feature does not adequately restrict what is uploaded, and uploaded files are written to the web-accessible 'images/uploaded' directory; a malicious file placed there can then be requested by the attacker, which is the path to remote code execution.

Impact

Exploiting the SQL injection lets an attacker run arbitrary SQL statements against the application's database, with unauthorized disclosure or modification of its data as the direct consequence. Exploiting the file upload flaw lets an attacker place a file of their choosing on the server; if that file is a server-side script and the web server executes it when requested, the result is code execution on the host and compromise of the application and the server.

Reproduction

To reproduce the SQL injection, send a GET request to the search endpoint with an SQL injection payload in the 'key' parameter and compare the response with the one returned for a benign value. A successful injection shows up as database information or application data that the search should not return, or, with a boolean probe, as a response that changes with the truth of the injected condition. To reproduce the arbitrary file upload, submit a file through the photo upload feature and confirm that it is written to the 'images/uploaded' directory and can be requested from there over HTTP. A harmless file that demonstrates the upload is stored and served is sufficient proof; only test systems you are authorized to assess.
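As an added illustration, not code from Alive Parish (whose implementation language and query layout this page does not show), the block below reconstructs the two flaw classes described in the Vulnerability and Reproduction sections in Python against an in-memory SQLite table: a search that splices the 'key' value into the SQL text beside its parameterized replacement, and an upload validator of the kind that would keep a server-side script out of 'images/uploaded'. The table, rows, probe strings, function names and the image magic-byte allowlist are all constructed assumptions.

```python
"""Added illustration of the two flaw classes described in this advisory.

Not Alive Parish code: the schema, rows, probe strings and the search/upload
logic are constructed assumptions standing in for the application's 'key'
search and photo upload handling.
"""
import os
import secrets
import sqlite3

# Constructed sample table. The 'private' row must never come back from an
# unauthenticated search.
ROWS = [
    ("Easter Vigil", "public"),
    ("Parish Council Minutes", "private"),
    ("Youth Group", "public"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", ROWS)
    return conn


def search_vulnerable(conn, key):
    # Assumed reconstruction of the flawed pattern: the request's 'key' value is
    # spliced into the SQL text, so a quote in it rewrites the WHERE clause.
    sql = ("SELECT title FROM posts WHERE visibility = 'public' "
           "AND title LIKE '%" + key + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, key):
    # Hardened form: the value travels as a bound parameter and is only ever
    # compared as data, never parsed as SQL.
    sql = "SELECT title FROM posts WHERE visibility = 'public' AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + key + "%",))]


# Photo upload hardening: extension allowlist plus matching leading bytes, and a
# server-generated name so the client chooses neither the extension nor the path.
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}


def validate_photo(client_filename, data):
    """Return a safe server-side filename for the upload, or raise ValueError."""
    # basename() discards any directory components the client may have sent.
    ext = os.path.splitext(os.path.basename(client_filename))[1].lower()
    if ext not in ALLOWED:
        raise ValueError("extension not allowed: %r" % ext)
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("file content does not match %s" % ext)
    # A random name removes the uploader's control over what is written to disk.
    return secrets.token_hex(16) + ext


def upload_accepted(client_filename, data):
    """True if validate_photo would store the upload, False if it rejects it."""
    try:
        validate_photo(client_filename, data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR visibility='private' --"
    print("vulnerable:", search_vulnerable(db, probe))   # leaks the private row
    print("fixed:     ", search_fixed(db, probe))        # []
    for name, blob in [("shell.php", b"<?php echo 'hi'; ?>"),
                       ("shell.php.jpg", b"<?php echo 'hi'; ?>"),
                       ("../../photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)]:
        print(name, "->", "stored" if upload_accepted(name, blob) else "rejected")
```

The same fix applies whatever the real stack is: bind the 'key' value with prepared statements (PDO or mysqli in PHP) rather than concatenating it. For uploads, the content check above rejects a plain script renamed to .jpg, but it does not defeat a polyglot that starts with valid image bytes, so the control that actually closes the remote code execution path is serving 'images/uploaded' from a location where the web server will not execute scripts.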

Added: Mar 6, 2026, 1:26 PM
Updated: Mar 6, 2026, 1:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 3.5
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.