Ultimate Project Manager CRM PRO Blind SQL Injection Vulnerability Allowing Credentials Leakage
Vulnerability
A blind SQL injection vulnerability has been identified in Ultimate Project Manager CRM PRO version 2.0.5. This vulnerability allows attackers to extract usernames and password hashes from the 'tbl_users' database table. Exploitation occurs through the '/frontend/get_article_suggestion/' endpoint, where malicious search parameters can be crafted to progressively guess and retrieve user credentials using boolean-based inference techniques.
Impact
Exploitation of this vulnerability leads to unauthorized access to user credentials, including usernames and password hashes.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/frontend/get_article_suggestion/' endpoint with a crafted 'search' parameter. The payload should be designed to exploit the SQL injection vulnerability by injecting SQL code that manipulates the query execution. The injection can be performed by guessing usernames and retrieving corresponding password hashes from the 'tbl_users' table.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.