EasyVirt DCScope and CO2Scope SQL Injection Vulnerability Allowing User and Role Management
Vulnerability
Multiple SQL injection vulnerabilities have been identified in EasyVirt DCScope versions through 8.6.0 and CO2Scope versions through 1.3.0. These vulnerabilities allow remote authenticated attackers with low privileges to manipulate user and role data through various API endpoints. Exploitation could lead to unauthorized user creation, modification, deletion, and role management.
Impact
Exploitation of these vulnerabilities could result in unauthorized access to user accounts and roles, potentially allowing for elevated privileges or administrative access.
Reproduction
To reproduce this vulnerability, log into an affected EasyVirt application with low privileges. Once logged in, send a request to one of the vulnerable API endpoints, such as '/api/user/addalias' to add an admin user, or '/api/user/roles' to retrieve roles. The SQL injection can be exploited by injecting malicious SQL payloads into the API request, which the application will improperly handle, allowing for manipulation of the database.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.