Bluelabsio Records-Mover SQL Injection Vulnerability in Table Object Handler
Vulnerability
A SQL injection vulnerability has been identified in Bluelabsio Records-Mover versions prior to 1.5.4. It resides in an unknown function of the Table Object Handler component, where improper handling of input allows SQL injection. The attack must be carried out locally.
Impact
Exploiting this vulnerability lets an attacker manipulate the SQL queries executed by the application. This could lead to unauthorized data access, data manipulation, or, in some cases, the execution of administrative operations on the database.
Reproduction
The vulnerability can be reproduced by using a version of Bluelabsio Records-Mover prior to 1.5.4 and introducing crafted input that exploits the Table Object Handler's SQL query construction process. This can be done by mocking the behavior of the Table Object Handler to simulate the injection of malicious SQL payloads.
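The bug class described above, shown as an added illustration that is not Records-Mover's code (the page does not identify the affected function): a table name pasted into SQL text, next to the same name passed through identifier quoting. SQLite stands in for the target database, and the helper names, table names and hostile input are all constructed for this example.

```python
import sqlite3


def quote_identifier(name: str) -> str:
    """Quote a SQL identifier: double embedded quotes, reject empty/NUL names."""
    if not name or "\x00" in name:
        raise ValueError("invalid identifier")
    return '"' + name.replace('"', '""') + '"'


def count_rows_unsafe(conn, table):
    # Vulnerable pattern: the table name becomes part of the SQL text itself.
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchall()


def count_rows_safe(conn, table):
    # Hardened pattern: the whole input is treated as one quoted identifier.
    sql = f"SELECT COUNT(*) FROM {quote_identifier(table)}"
    return conn.execute(sql).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER)")
    conn.execute("CREATE TABLE credentials (secret TEXT)")
    conn.executemany("INSERT INTO events VALUES (?)", [(1,), (2,)])
    conn.execute("INSERT INTO credentials VALUES ('constructed-secret')")

    # Constructed hostile "table name" that smuggles in a second SELECT.
    hostile = "events UNION ALL SELECT secret FROM credentials"

    leaked = count_rows_unsafe(conn, hostile)
    try:
        count_rows_safe(conn, hostile)
        blocked = False
    except sqlite3.OperationalError:
        # The quoted string is looked up as a single (nonexistent) table.
        blocked = True
    return leaked, blocked, count_rows_safe(conn, "events")


if __name__ == "__main__":
    leaked, blocked, normal = demo()
    print("unsafe builder returned:", leaked)
    print("safe builder rejected hostile name:", blocked)
    print("safe builder on a real table:", normal)
```

Quoting handles the identifier position, where bind parameters are not available; values elsewhere in the query should still go through bind parameters.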
Remediation
Users are advised to upgrade to Bluelabsio Records-Mover version 1.6.0 or later, where this vulnerability has been fixed.
