Ketr JEPaaS SQL Injection Vulnerability in readAllPostil Function
Vulnerability
A SQL injection vulnerability has been identified in Ketr JEPaaS versions through 7.2.8. The issue arises in the readAllPostil function within the file /je/postil/postil/readAllPostil. The vulnerability can be exploited remotely by manipulating the keyWord parameter, allowing for unauthorized SQL query modifications. This flaw has been publicly disclosed and is actively exploitable.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the /je/postil/postil/readAllPostil endpoint with a crafted keyWord parameter whose value changes how the database query is processed. The request should also include the necessary authentication cookies.
Remediation
It is recommended to use prepared statements for database queries instead of concatenating strings, which can introduce SQL injection vulnerabilities.
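The following is an added example, not code from JEPaaS or from the original advisory: it contrasts a keyword search built by string concatenation with a prepared-statement version, using Python's sqlite3 so it runs self-contained. The postil table, its columns, the function names and the sample rows are constructed assumptions, and the LIKE-wildcard escaping goes one step beyond the advisory's recommendation.

```python
import sqlite3

def make_db():
    # Constructed sample data; hypothetical schema, not JEPaaS's real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postil (id INTEGER PRIMARY KEY, owner TEXT, content TEXT)")
    db.executemany(
        "INSERT INTO postil (owner, content) VALUES (?, ?)",
        [("alice", "budget review"), ("alice", "50% done"), ("bob", "private note")],
    )
    return db

def search_concat(db, owner, key_word):
    # Pattern the remediation warns against: key_word becomes part of the SQL
    # text, so a quote inside it is parsed as SQL syntax rather than data.
    sql = ("SELECT content FROM postil WHERE owner = '" + owner +
           "' AND content LIKE '%" + key_word + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Binding prevents injection, but % and _ are still LIKE wildcards.
    # Escape them so the keyword matches only as literal text.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_prepared(db, owner, key_word):
    # Prepared statement: the SQL text is fixed; values travel separately.
    sql = ("SELECT content FROM postil "
           "WHERE owner = ? AND content LIKE ? ESCAPE '\\' ORDER BY id")
    pattern = "%" + escape_like(key_word) + "%"
    return [row[0] for row in db.execute(sql, (owner, pattern))]

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1' LIKE '1"  # constructed input containing SQL syntax
    print("concatenated:", search_concat(db, "alice", crafted))
    print("prepared:    ", search_prepared(db, "alice", crafted))
    print("literal %:   ", search_prepared(db, "alice", "%"))
```

With the concatenated query the constructed input widens the result set to another owner's rows; with the bound parameter the same input is only a search term that matches nothing.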
