Kados R10 GreenBee SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Kados R10 GreenBee, a web-based tool for managing Scrum projects. This vulnerability allows attackers to inject malicious SQL code through the 'id_project' parameter, manipulating database queries to extract or modify sensitive information. The issue arises from improper validation of user input, enabling crafted requests to interfere with database operations.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can execute arbitrary SQL commands. This could lead to unauthorized data access, data manipulation, or in some cases, executing commands on the server.

Reproduction

The vulnerability can be reproduced by sending a request to 'projects.php' with a crafted 'id_project' parameter that includes malicious SQL code. This injection can be verified by using SQL injection payloads that, for example, extract database information or modify data. Similar injection points exist in other 'administration' and 'app_admin' pages, using different parameters such as 'menu_lev1', 'mng_profile_id', 'user2reset', 'language_tag', 'id_to_delete', and 'sort_direction'.