Kados R10 GreenBee SQL Injection Vulnerability

Vulnerability

An SQL injection vulnerability has been identified in Kados R10 GreenBee. This issue allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter in boards_buttons/update_release.php. The vulnerability arises because the release_id value is directly concatenated into SQL statements without proper sanitization. Exploitation of this flaw enables attackers to extract sensitive database information, including details about the current user, database name, and DBMS version.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation. In this case, it could be used to extract sensitive database information such as the current user, database name, and DBMS version.

Reproduction

To reproduce this vulnerability, send a GET request to boards_buttons/update_release.php with a crafted release_id parameter that includes a UNION-based SQL payload. The injected SQL will be executed by the application, allowing the attacker to extract sensitive database information.
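A detection check for the request described above, as an added example that is not part of the original advisory or of Kados itself: it scans web server access logs for GET requests to boards_buttons/update_release.php whose release_id is not a plain integer. It assumes the "combined" access-log format and that legitimate release_id values are numeric; the /kados/ path prefix and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
TARGET_PATH = "boards_buttons/update_release.php"
PARAM = "release_id"

# Request line inside an Apache/nginx "combined" log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_release_ids(log_lines):
    """Return (line_number, decoded_value) for requests to the affected
    endpoint whose release_id is not a plain decimal integer."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "release_id=".
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            # Assumption: legitimate release_id values are numeric identifiers.
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real incident);
# the /kados/ install prefix is hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /kados/boards_buttons/update_release.php?release_id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2026:10:00:07 +0000] "GET /kados/boards_buttons/update_release.php?release_id=12%20UNION%20SELECT%20NULL HTTP/1.1" 200 640 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /kados/index.php?release_id=abc HTTP/1.1" 200 300 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2026:10:00:11 +0000] "GET /kados/boards_buttons/update_release.php?release_id=3%27-- HTTP/1.1" 500 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for number, value in suspicious_release_ids(SAMPLE_LOG):
        print(f"line {number}: suspicious release_id={value!r}")
```

Because the endpoint is reachable without authentication, hits from this check are worth reviewing even when the response status is an error.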

Added: May 29, 2026, 4:45 PM
Updated: May 29, 2026, 4:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.