Loganhong PHP LoganSite SQL Injection Vulnerability in Article Handler Component

Vulnerability

A SQL injection vulnerability has been identified in Loganhong PHP LoganSite versions up to commit c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. The issue resides in the Article Handler component, specifically within the file /includes/article_detail.php. The vulnerability is triggered by manipulating the 'id' argument, which is directly concatenated into the SQL query without proper escaping or parameterization. This flaw allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.
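
The concatenation pattern described above, next to a validated and parameterized form, as an added example. This is not LoganSite's code: the articles table, its columns, the function names and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database (in-memory SQLite); the real schema is not shown in the advisory.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO articles (id, title, body) VALUES (1, 'Hello', 'First post'), (2, 'Draft', 'Unpublished')");
    return $pdo;
}

// "Before": the request value becomes part of the SQL text itself.
// Hypothetical function, kept only for comparison with the hardened form.
function article_by_id_concat(PDO $pdo, string $rawId): array {
    $rows = $pdo->query('SELECT id, title, body FROM articles WHERE id = ' . $rawId);
    return $rows->fetchAll(PDO::FETCH_ASSOC);
}

// "After": strict integer validation, then a bound parameter, so the value
// can never change the structure of the statement.
function article_by_id_safe(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed inputs: a well-formed id and a value carrying a trailing SQL fragment.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("%-10s concat=%d row(s) safe=%s\n", $input,
        count(article_by_id_concat($pdo, $input)),
        json_encode(article_by_id_safe($pdo, $input)));
}
```

With the second input, the concatenated query returns every row in the table, while the hardened function rejects the value before any SQL is executed.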

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to the /includes/article_detail.php file with a crafted 'id' parameter that exploits the SQL injection flaw. The injection can be verified by using SQL injection testing tools such as sqlmap, which can automate the process of exploiting the vulnerability and extracting database information.

Added: Dec 22, 2025, 5:18 AM
Updated: Dec 22, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.