Simple CMS Remote SQL Injection Vulnerability

A remote SQL injection vulnerability has been identified in Simple CMS version 2.1. This vulnerability allows privileged attackers to inject unfiltered SQL commands into the users module via the admin.php file. Exploitation of this vulnerability could lead to compromise of the database management system and the web application.

Impact

Successful exploitation allows for injection and execution of SQL commands, leading to potential compromise of the database management system, web server, and web application.

Reproduction

To reproduce this vulnerability, a privileged user must access the admin panel and navigate to the users module. Once there, the 'addUser' or 'editUser' functions can be exploited by injecting SQL payloads into the name, username, and password fields. The injection takes advantage of unvalidated input parameters, causing a SQL error that reveals the injection point.

Remediation

It is recommended to sanitize input parameters by removing special characters, especially single and double quotes, and to use prepared statements for database queries. Additionally, SQL error messages should be suppressed to prevent disclosure of sensitive information.