Enricozab CMS SQL Injection Vulnerability in hdo-view-case.php
Vulnerability
A SQL injection vulnerability in Enricozab CMS version 1.0 allows remote attackers to execute arbitrary SQL code. The issue arises in the hdo/hdo-view-case.php file, where user input is not properly sanitized before being used in SQL queries.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to execute arbitrary code or access sensitive data in the database.
Reproduction
The vulnerability can be reproduced by sending a request to the hdo/hdo-view-case.php page with a crafted 'cn' parameter that includes SQL injection payloads. The injected payload will be executed by the application's database query, demonstrating the SQL injection flaw.
Remediation
It is recommended to implement input validation and character filtering to sanitize user inputs before executing database queries. This can help prevent SQL injection attacks by ensuring that malicious payloads are not processed by the application.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.