Senayan Library Management System SLiMS SQL Injection Vulnerability in Circulation Module

Vulnerability

A SQL injection vulnerability has been identified in Senayan Library Management System (SLiMS) version 9 Bulian 9.6.1. The issue arises in the circulation module, specifically within the loan form on the admin loan management page. The vulnerability is linked to the tempLoanID parameter, which, if not properly validated, allows authenticated admin users to execute arbitrary SQL queries on the backend database. This could lead to unauthorized access or manipulation of sensitive data.

Impact

Exploitation of this vulnerability allows an authenticated admin user to execute arbitrary SQL commands, potentially leading to unauthorized data access or modification in the backend database. Such actions could disrupt the integrity of the system and its data.

Reproduction

To reproduce this vulnerability, log in as an admin user and navigate to the '/admin/modules/circulation/loan.php' page. Once there, enter any text into the search field, which will populate the 'tempLoanID' parameter. Intercept the request using Burp Suite, save it as a text file, and then use sqlmap to test for SQL injection vulnerabilities. The sqlmap tool can be used to automate the exploitation of the SQL injection vulnerability by dumping the database contents.

Remediation

Users are advised to update to the patched version of SLiMS 9 Bulian. The vulnerability can also be mitigated by using prepared statements and parameterized queries to prevent SQL injection, as well as by sanitizing and validating user input, particularly for the tempLoanID parameter.
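The following PHP snippet is an added illustration of the remediation described above; it is not SLiMS's own code and does not reproduce SLiMS's schema. It assumes a mysqli connection and a hypothetical `loan_temp` table with a `tempLoanID` column, and shows the unsafe string-concatenation pattern that leads to SQL injection beside a hardened version that validates the parameter against an allow-list pattern (an assumed format for this example) and binds it through a prepared statement.

```php
<?php
// Added example, not SLiMS code. Table and column names are hypothetical.

// UNSAFE: the request parameter is spliced into the SQL text, so any quote
// or SQL syntax in tempLoanID becomes part of the query. Do not use.
function fetch_temp_loan_unsafe(mysqli $db, string $tempLoanID): array
{
    $sql = "SELECT item_code, member_id FROM loan_temp WHERE tempLoanID = '" . $tempLoanID . "'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// HARDENED: validate the input shape, then pass the value as a bound
// parameter so it can never alter the structure of the statement.
function fetch_temp_loan(mysqli $db, string $tempLoanID): array
{
    // Allow-list check. The permitted character set and length are an
    // assumption for this example; use the format your identifiers really have.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $tempLoanID)) {
        throw new InvalidArgumentException('tempLoanID has an unexpected format');
    }

    $stmt = $db->prepare('SELECT item_code, member_id FROM loan_temp WHERE tempLoanID = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $tempLoanID);   // 's' = bind as a string value
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage at the loan form handler (connection details are placeholders):
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
// $loans = fetch_temp_loan($db, $_POST['tempLoanID'] ?? '');
```

The validation step is defence in depth, not a substitute for the prepared statement: the bound parameter is what guarantees the value is treated as data, while the allow-list rejects malformed input early and keeps the error path out of the database layer.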

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.9
impact          5.0
exploitability  6.1
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.