Xinhu SQL Injection Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A SQL injection vulnerability has been identified in Xinhu version 2.6.5 and prior. This vulnerability allows remote attackers to execute arbitrary code by exploiting the inputAction.php file and the saveAjax function. The issue arises from improper handling of user input, which can be manipulated to inject malicious SQL commands that are executed by the application's database.
Impact
Exploitation of this vulnerability allows for SQL injection, which can lead to unauthorized data access or manipulation. Additionally, according to the author, this vulnerability could be exploited to execute arbitrary code on the server.
Reproduction
The vulnerability can be reproduced by sending a POST request to 'index.php' with the 'a', 'm', 'd', and 'ajaxbool' parameters. The 'm' parameter can be set to 'mode_customer|input', and the 'd' parameter should be 'flow'. The 'linkname' parameter can be manipulated to include a payload that exploits the SQL injection vulnerability. Once the request is sent, the application will return an error message that reveals the presence of the SQL injection vulnerability.
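The following is an added detection example, not code from the advisory or from the Xinhu project: it triages logged POST bodies for requests to the route described above whose 'linkname' value contains SQL syntax. The log format (one URL-encoded form body per entry), the marker list, the 'a' placeholder and the sample bodies are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qs

# Parameter values the advisory names for the affected route.
ROUTE = {"m": "mode_customer|input", "d": "flow"}

# Heuristic markers of SQL syntax in a field that should hold a plain name.
# This marker list is an assumption of the example, not taken from the advisory.
SQL_MARKERS = re.compile(
    r"""['"`;\\]|--|/\*|\b(?:union|select|sleep|benchmark)\b""",
    re.IGNORECASE,
)


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body; the last value wins."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def is_affected_route(form: dict) -> bool:
    """True when 'm' and 'd' match the route described in the advisory."""
    return all(form.get(k) == v for k, v in ROUTE.items())


def suspicious_linkname(form: dict) -> bool:
    """True when 'linkname' contains quote, comment or SQL keyword markers."""
    return bool(SQL_MARKERS.search(form.get("linkname", "")))


def triage(bodies):
    """Return (index, linkname) for bodies on the route with SQL-like input."""
    hits = []
    for i, body in enumerate(bodies):
        form = parse_form(body)
        if is_affected_route(form) and suspicious_linkname(form):
            hits.append((i, form["linkname"]))
    return hits


# Constructed sample bodies (not real traffic); the 'a' value is a placeholder.
SAMPLES = [
    "a=PLACEHOLDER&m=mode_customer%7Cinput&d=flow&ajaxbool=true&linkname=Acme+Ltd",
    "a=PLACEHOLDER&m=mode_customer%7Cinput&d=flow&ajaxbool=true&linkname=Acme%27--",
    "a=PLACEHOLDER&m=index&d=flow&ajaxbool=true&linkname=x%27",
]

if __name__ == "__main__":
    for idx, value in triage(SAMPLES):
        print(f"body {idx}: suspicious linkname {value!r}")
```

Legitimate names containing an apostrophe will also match, so hits are candidates for review rather than confirmed exploitation attempts.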
