No-Cms SQL Injection Vulnerability in Manage Privilege Export Endpoint

A SQL injection vulnerability has been identified in No-Cms version 1.0. The issue resides in the order_by parameter of the manage_privilege export endpoint. This vulnerability allows authenticated attackers to manipulate database queries and extract sensitive information. Exploitation involves sending POST requests to the export endpoint with malicious SQL code embedded in the order_by[0] parameter.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, authenticate a user and send a POST request to the '/nocms/main/manage_privilege/index/export' endpoint. Include malicious SQL code in the 'order_by[0]' parameter. The injected SQL code will be executed by the database, allowing for manipulation of the original SQL query and potentially leading to unauthorized data access or modification.