LabCollector
cpe:2.3:a:agilebio:labcollector:*:*:*:*:*:*:*
- 5.423
In LabCollector version 5.423, multiple SQL injection vulnerabilities allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious payloads through POST parameters. The affected inputs are the 'login' parameter of 'login.php' and the 'user_name' parameter of 'retrieve_password.php'. Because both endpoints are reachable before authentication, an attacker who can reach the web interface can run arbitrary SQL against the backend MySQL database and extract sensitive information from it, including user credentials and other stored data.
The vulnerability can be reproduced by sending a POST request to 'login.php' with a crafted SQL payload in the 'login' parameter, or a POST request to 'retrieve_password.php' with a SQL injection payload in the 'user_name' parameter. Automated tools such as sqlmap confirm and exploit both injection points when pointed at the POST body with the MySQL backend selected.
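The following is an added illustration, not LabCollector's code and not derived from the advisory beyond the parameter names it gives. It models the two injection points as string-concatenated queries, places the hardened parameterized form beside each, and includes a boolean-based differential probe of the kind sqlmap uses to confirm injection. SQLite stands in for MySQL so the block runs offline; the table layout, column names, sample rows and the `sqlite3` substitution are all assumptions. The payloads rely only on single-quote string context, which behaves the same in MySQL, except that MySQL requires a trailing space after `--` (or `#`) for the line comment.

```python
"""Vulnerable vs. hardened lookups for the 'login' and 'user_name' parameters.

Constructed example: SQLite stands in for MySQL; schema and rows are assumptions.
"""
import sqlite3


def make_db():
    """Build an in-memory stand-in for the application database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (login, password, email) VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin@example.org"), ("alice", "hunter2", "alice@example.org")],
    )
    return conn


def vulnerable_login(conn, login, password):
    """login.php pattern: the 'login' value is spliced straight into the SQL text."""
    sql = f"SELECT id, login FROM users WHERE login = '{login}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def safe_login(conn, login, password):
    """Hardened form: bound parameters, so quotes in the input stay data."""
    return conn.execute(
        "SELECT id, login FROM users WHERE login = ? AND password = ?", (login, password)
    ).fetchall()


def vulnerable_retrieve_password(conn, user_name):
    """retrieve_password.php pattern: 'user_name' concatenated into the lookup."""
    sql = f"SELECT email FROM users WHERE login = '{user_name}'"
    return conn.execute(sql).fetchall()


def safe_retrieve_password(conn, user_name):
    """Hardened form of the same lookup."""
    return conn.execute("SELECT email FROM users WHERE login = ?", (user_name,)).fetchall()


def boolean_probe(lookup):
    """Boolean-based differential check in the style of sqlmap.

    Two payloads identical except for a tautology vs. a contradiction. If the
    responses differ, the input reaches the SQL engine unescaped.
    """
    true_case = lookup("nobody' OR '1'='1")
    false_case = lookup("nobody' OR '1'='2")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    # Authentication bypass: comment out the password check via the 'login' field.
    print("bypass:", vulnerable_login(db, "admin' -- ", "wrong"))
    # Data extraction: UNION through the single-column 'user_name' lookup.
    print("dump:", vulnerable_retrieve_password(db, "x' UNION SELECT password FROM users -- "))
    print("probe vulnerable:", boolean_probe(lambda v: vulnerable_retrieve_password(db, v)))
    print("probe safe:", boolean_probe(lambda v: safe_retrieve_password(db, v)))
```

The probe returns True only for the concatenated versions; against the parameterized lookups both payloads are treated as literal (nonexistent) user names and the responses are identical. The UNION case is what turns a password-reset helper into a credential dump, which is the impact the advisory describes.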