PiHome SQL Injection Vulnerability in ajax.php Component
Vulnerability
A critical SQL injection vulnerability has been identified in PiHome version 1.77. The issue is in the ajax.php file, specifically within the GetModal_MQTTEdit function. Remote attackers can manipulate the 'id' parameter to inject malicious SQL that the application's database could then execute. Exploitation could lead to unauthorized data access or manipulation.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, the execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, first ensure that a record exists in the 'mqtt' table of the application's database. Then, send a GET request to 'ajax.php' with the 'Ajax' parameter set to 'GetModal_MQTTEdit' and the 'id' parameter containing the crafted SQL injection payload. For example, using '(sleep(20))--' as the payload will demonstrate the injection by causing a 20-second delay in the response, indicating successful exploitation.
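The request shape described above can be looked for in web server access logs. The following is an added example, not part of the advisory or of PiHome's code: it assumes combined-format access logs and that legitimate 'id' values are plain integers, and the function name and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from a combined-format log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /ajax.php?Ajax=GetModal_MQTTEdit&id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /ajax.php?Ajax=GetModal_MQTTEdit&id=%28sleep%2820%29%29-- HTTP/1.1" '
    '200 512 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /index.php?id=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]


def suspicious_mqtt_edit_requests(lines):
    """Return (client_ip, decoded_id) for GetModal_MQTTEdit requests whose
    'id' is not a plain decimal integer (assumption: real ids are integers)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/ajax.php"):
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared
        # in the same form the application would receive them.
        params = parse_qs(url.query, keep_blank_values=True)
        if "GetModal_MQTTEdit" not in params.get("Ajax", []):
            continue
        for value in params.get("id", []):
            if not re.fullmatch(r"\d+", value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, raw_id in suspicious_mqtt_edit_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id to GetModal_MQTTEdit: {raw_id!r}")
```

A match is a lead for review rather than proof of exploitation. Where the log also records response time, an unusually slow response to the same request is consistent with the delay-based test described above.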
