ownDMS SQL Injection Vulnerability in pdfstream.php, imagestream.php, and anyfilestream.php
Vulnerability
A SQL injection vulnerability has been identified in ownDMS version 4.7. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the IMG parameter. Exploitation can be done by sending GET requests to pdfstream.php, imagestream.php, or anyfilestream.php. The injected SQL queries can be used to extract sensitive information from the database, including version details and database names.
Impact
Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation. In this case, it could be used to extract sensitive database information such as version details and database names.
Reproduction
To reproduce this vulnerability, send a GET request to one of the vulnerable PHP files (pdfstream.php, imagestream.php, or anyfilestream.php) with a crafted SQL payload in the IMG parameter. The server response will include the extracted database information, indicating successful exploitation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.