Sucms SQL Injection Vulnerability in Admin Members Management

Vulnerability

A critical SQL injection vulnerability has been identified in Sucms version 1.0. The issue resides in the admin_members.php file, specifically within the search functionality. The vulnerability is triggered by manipulating the uid parameter and allows remote SQL injection attacks. The flaw, which has been publicly disclosed, stems from insufficient filtering of the parameter before it is used in a database query.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to /admin/admin_members.php?ac=search. Include the uid parameter with a value that exploits the SQL injection vulnerability. The request should be made with a user session that has administrative privileges.

Remediation

To address this vulnerability, it is recommended to use prepared statements with parameterized queries to separate SQL code from data inputs. Additionally, validate and sanitize all user inputs to ensure they conform to expected formats and remove harmful characters. Implementing the least privilege principle by configuring database accounts with minimal permissions can also help reduce the impact of potential SQL injection attacks.
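The following PHP sketch is an added illustration of the remediation described above; it is not Sucms code, and the table name, column names and the assumption that uid is a non-negative integer are all hypothetical. It places the unsafe pattern the advisory describes (a request parameter concatenated into SQL) next to a hardened version that validates the parameter and binds it through a mysqli prepared statement.

```php
<?php
// Added example, not taken from Sucms. Table `members` and its columns are assumed.
// Hypothetical admin search handler for a request like
// POST /admin/admin_members.php?ac=search with a `uid` field.

// Unsafe pattern: the uid value is concatenated straight into the SQL text, so
// SQL metacharacters in the input become part of the statement itself.
function search_members_unsafe(mysqli $db, array $request): ?mysqli_result
{
    $uid = $request['uid'] ?? '';
    $sql = "SELECT uid, username, email FROM members WHERE uid = '" . $uid . "'";
    $result = $db->query($sql);
    return $result instanceof mysqli_result ? $result : null;
}

// Hardened form: check the parameter's shape first, then pass it as bound data
// through a prepared statement so the query structure cannot be altered by input.
function search_members_safe(mysqli $db, array $request): ?array
{
    $uid = $request['uid'] ?? null;
    // Assumed format: uid must be a plain string of digits; reject anything else.
    if ($uid === null || !ctype_digit((string) $uid)) {
        return null;
    }
    $stmt = $db->prepare('SELECT uid, username, email FROM members WHERE uid = ?');
    if ($stmt === false) {
        return null;
    }
    $uidInt = (int) $uid;
    $stmt->bind_param('i', $uidInt); // 'i' binds the value as an integer parameter
    $stmt->execute();
    $result = $stmt->get_result();
    $rows = $result instanceof mysqli_result ? $result->fetch_all(MYSQLI_ASSOC) : [];
    $stmt->close();
    return $rows;
}

// Wiring example (assumed connection details). Following the least-privilege
// advice above, the account used here should hold only the SELECT rights the
// admin search actually needs, not full rights on the schema.
// $db = new mysqli('localhost', 'sucms_members_ro', 'password', 'sucms');
// $rows = search_members_safe($db, $_POST);
```

The validation step and the prepared statement are independent layers: the prepared statement alone already prevents the input from changing the query, while the format check additionally rejects malformed requests early and gives the application a clear place to log them. The same pattern applies to every other request parameter the admin pages feed into SQL, not only uid.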

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.