Moss SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Moss version 0.1.3. This vulnerability allows attackers to inject malicious SQL payloads into the 'order' parameter. The injection can be exploited through several admin API endpoints, including article, category, tag, link, and store lists, after logging into the backend.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to execute arbitrary SQL code. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the backend of the application. Then, send a POST request to the '/admin/api/article/list' endpoint with a crafted payload in the 'order' parameter that exploits the SQL injection flaw. The same injection can be applied to the category, tag, link, and store list endpoints.

Remediation

It is recommended to implement proper input validation and parameterized queries to prevent SQL injection vulnerabilities. Additionally, filtering the 'order' parameter in the context could help mitigate this issue.