Tina4 Stack SQL Injection and Unauthenticated Database File Download Vulnerability

A vulnerability in Tina4 Stack version 1.0.3 allows unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the 'kim.db' database file to obtain user credentials and password hashes. Additionally, SQL injection can be performed through the menu endpoint to manipulate database queries.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, including credentials and password hashes, and could allow attackers to manipulate database information through SQL injection.

Reproduction

To reproduce this vulnerability, upload Tina4 Stack version 1.0.3 to a web server. Once the application is running, an unauthenticated user can request the 'kim.db' file directly, which will return the database containing user credentials and password hashes. Alternatively, SQL injection can be performed by sending a request to the menu endpoint with injected SQL code, allowing manipulation of database queries.