Silverpeas SQL Injection Vulnerability in Taxonomy Module

A SQL injection vulnerability has been identified in Silverpeas version 6.4.1, specifically within the Taxonomy module. The issue arises in the 'ViewType' parameter of the 'findByWhereClause' function, where inadequate input validation allows remote attackers to inject malicious SQL payloads. This vulnerability can be exploited using union-based and time-based injection techniques, potentially leading to unauthorized access to sensitive information and disruption of database operations.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate SQL queries to access or modify database information. In this case, the vulnerability could be used to extract sensitive data, such as user credentials, and disrupt normal database operations.

Reproduction

To reproduce this vulnerability, log in with a SilverAdmin account and navigate to the Taxonomy module. Inspect the 'Primary topics' view and inject payloads into the 'ViewType' parameter. For time-based injection, use a payload that includes a command to delay the response, such as one that pauses execution for several seconds. For union-based injection, use a payload that exploits the SQL injection vulnerability to extract database information, such as user credentials.

Remediation

Users are advised to update to the latest version of Silverpeas, where this vulnerability has been addressed. Additionally, review and sanitize input parameters to prevent SQL injection attacks.