AhnLab EPP SQL Injection Vulnerability Leading to Remote Code Execution
Vulnerability
A SQL injection vulnerability has been identified in AhnLab Endpoint Protection Platform (EPP) version 1.0.15 and prior. This vulnerability resides in the web admin interface and is classified as a Boolean-based, time-based SQL injection. Exploitation of this vulnerability allows for remote code execution. The issue has been acknowledged and patched in versions released after 1.0.15.
Impact
Exploitation of this vulnerability allows for Boolean-based, time-based SQL injection, which can lead to remote code execution on the affected system.
Reproduction
To reproduce this vulnerability, send a POST request to the '/api/console/ems/query/report/preview' endpoint. Include an authorization bearer token and set the 'Content-Type' to 'application/json'. In the request body, specify the 'action' as 'preview_query_report' and include a crafted SQL injection payload in the 'params' array. The response will indicate successful exploitation by returning the injected data.
Remediation
Users are advised to update to the latest version of AhnLab EPP, as the vulnerability has been patched in versions released after 1.0.15.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.