Leiyuxi Cy-Fast SQL Injection Vulnerability in Menu Data Listing Function
Vulnerability
A critical SQL injection vulnerability has been identified in Leiyuxi Cy-Fast version 1.0. The issue is in the 'listData' function in the 'CommparaController.java' file, reachable at the '/sys/menu/listData' endpoint. Remote attackers can manipulate the 'order' argument to have arbitrary SQL statements executed. This is possible because SQL input is inadequately filtered: the unfiltered value, including any SQL functions it contains, is concatenated into the query and executed.
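The concatenation flaw described above, next to an allowlist-based fix, as an added example that is not Cy-Fast's own code. It assumes 'order' is used as a sort field in an ORDER BY clause; the table name, column names and request keys are hypothetical. Identifiers in ORDER BY cannot be bound as prepared-statement parameters, so the fix maps the request value to a fixed column name instead.

```java
import java.util.Map;

public class SortClause {
    // Hypothetical allowlist: accepted request value -> fixed SQL column name.
    private static final Map<String, String> SORTABLE = Map.of(
            "menuId", "menu_id",
            "name", "name",
            "orderNum", "order_num");

    // Vulnerable pattern: caller-controlled text becomes part of the statement.
    static String unsafeQuery(String order) {
        return "SELECT menu_id, name FROM sys_menu ORDER BY " + order;
    }

    // Hardened pattern: only allowlisted keys select a column, and the
    // direction is reduced to one of two fixed tokens.
    static String safeQuery(String order, String direction) {
        String column = SORTABLE.get(order);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        String dir = "desc".equalsIgnoreCase(direction) ? "DESC" : "ASC";
        return "SELECT menu_id, name FROM sys_menu ORDER BY " + column + " " + dir;
    }

    public static void main(String[] args) {
        // Constructed sample value that is not a plain column name.
        String tainted = "name, (SELECT 1)";

        // The extra expression ends up inside the SQL text.
        System.out.println(unsafeQuery(tainted));

        // A legitimate sort request still works.
        System.out.println(safeQuery("orderNum", "desc"));

        // The same tainted value is rejected before any SQL is built.
        try {
            safeQuery(tainted, "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```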
Impact
Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation, and potentially facilitate further attacks such as SQL injection-based privilege escalation or data exfiltration.
Reproduction
To reproduce this vulnerability, send a request to the '/sys/menu/listData' endpoint with crafted SQL injection payloads that exploit the lack of input sanitization. The injected SQL can be concatenated and executed, taking advantage of the application's SQL query handling.
