html5_snmp SQL Injection Vulnerability

A SQL injection vulnerability has been identified in html5_snmp version 1.11. This vulnerability allows attackers to manipulate database queries by exploiting the Router_ID and Router_IP parameters. The injection can be executed using error-based, time-based, and union-based techniques, potentially leading to unauthorized data extraction or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to extract or modify database information.

Reproduction

The vulnerability can be reproduced by sending a POST request to the application's router management endpoint with crafted payloads that exploit the SQL injection flaw in the Router_ID parameter. Additionally, the Router_IP parameter can be exploited through GET requests. The injected SQL can be used to manipulate the application's database queries, with the possibility of extracting or altering data.