EasyPMS Authentication Bypass Vulnerability Allowing Unauthorized SQL Query Manipulation
Vulnerability
An authentication bypass vulnerability has been identified in EasyPMS version 1.0.0. It allows unprivileged users to manipulate the SQL queries built from their JSON requests and thereby read admin user information. The root cause is inadequate input validation: a single quote injected into an ID parameter alters the resulting SQL query instead of being treated as data. With the information obtained this way, an attacker can change an admin user's password without the token authentication the reset should require.
Impact
Exploitation of this vulnerability could lead to unauthorized password changes for admin users, allowing unprivileged users to gain elevated privileges.
Reproduction
To reproduce this vulnerability, an unprivileged user sends a JSON request to the 'Select/STDUSER' endpoint with a single quote injected into the 'ID' parameter. The resulting SQL query is manipulated so that the authentication check is bypassed and admin user data is returned. Once the ID of an admin user is known, the same user sends a password reset request for that ID, which changes the admin user's password without proper authentication.
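The two weaknesses described in the Vulnerability and Reproduction sections (an ID spliced into SQL text, and a password reset that does not check its token) can be contrasted with a hardened handler. The following is an added illustration written for this page, not EasyPMS source code; the table name, column names, the caller/role model and the reset-token scheme are assumptions, and the sample rows are constructed.

```python
"""Illustrative ID lookup and password-reset handlers (not EasyPMS code).
Table, column and token names below are assumptions made for the example."""
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample data: one admin, one ordinary user. Token values are made up.
SAMPLE_USERS = [
    (1, "admin", "admin", "hash-of-old-admin-pw", "ADMIN-RESET-TOKEN"),
    (2, "alice", "user", "hash-of-alice-pw", None),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE stduser (id INTEGER PRIMARY KEY, name TEXT, role TEXT, "
        "pw_hash TEXT, reset_token TEXT)"
    )
    conn.executemany("INSERT INTO stduser VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_select_stduser(conn, request):
    # The anti-pattern the advisory describes: the raw ID is spliced into the SQL
    # text, so a single quote in it changes the query instead of being data.
    query = f"SELECT id, name, role FROM stduser WHERE id = '{request['ID']}'"
    return conn.execute(query).fetchone()


def validate_id(raw):
    # Accept only a decimal integer; quotes, spaces and operators are rejected
    # before the value can reach the database.
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise ValueError("ID must be an integer")
    text = str(raw)
    if not text.isdigit():
        raise ValueError("ID must be a positive integer")
    return int(text)


def select_stduser(conn, request, caller):
    # Hardened: validated integer, parameterised query, and an authorisation
    # check so that a non-admin caller can read only their own row.
    user_id = validate_id(request.get("ID"))
    if caller["role"] != "admin" and caller["id"] != user_id:
        return None
    return conn.execute(
        "SELECT id, name, role FROM stduser WHERE id = ?", (user_id,)
    ).fetchone()


def reset_password(conn, request, presented_token):
    # Hardened: the reset runs only when the caller presents the per-user reset
    # token stored for that row; the comparison is constant-time and the token
    # is consumed on use, so the ID alone is never enough.
    user_id = validate_id(request.get("ID"))
    row = conn.execute(
        "SELECT reset_token FROM stduser WHERE id = ?", (user_id,)
    ).fetchone()
    if row is None or row[0] is None or presented_token is None:
        return False
    if not hmac.compare_digest(row[0], presented_token):
        return False
    # Illustrative hash only; a real system uses a password hasher (argon2, bcrypt).
    salt = secrets.token_hex(8)
    digest = hashlib.sha256((salt + request["new_password"]).encode()).hexdigest()
    conn.execute(
        "UPDATE stduser SET pw_hash = ?, reset_token = NULL WHERE id = ?",
        (salt + ":" + digest, user_id),
    )
    return True


def get_pw_hash(conn, user_id):
    return conn.execute(
        "SELECT pw_hash FROM stduser WHERE id = ?", (user_id,)
    ).fetchone()[0]
```

The two defences are independent and both matter: `validate_id` plus the bound `?` parameter keeps the ID from ever altering the query shape, and `reset_password` refuses to act on an ID alone, so knowing an admin's ID no longer translates into a password change.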
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
