ServerZilla SQL Injection Vulnerability in Reset.php
Vulnerability
A SQL injection vulnerability has been identified in ServerZilla version 1.0. This issue allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Exploitation involves sending POST requests to reset.php with malicious email values that include SQL operators. This could enable attackers to bypass authentication and access sensitive database information.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to reset.php with an email parameter that includes SQL injection payloads, such as SQL operators. The server response should indicate successful exploitation, such as returning database information or bypassing authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.