Westboy CicadasCMS SQL Injection Vulnerability in Version 1.0
Vulnerability
A critical SQL injection vulnerability has been identified in Westboy CicadasCMS version 1.0. The issue arises in the '/system/cms/content/page' interface, where the 'orderField' and 'orderDirection' parameters are manipulated to execute arbitrary SQL commands. This vulnerability allows attackers to remotely access and potentially steal sensitive data from the application's database.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, log into the admin backend of CicadasCMS v1.0. Navigate to the Content Management section and click 'Next Page'. This action will trigger a request to the vulnerable endpoint. The SQL injection can be exploited by crafting a payload that manipulates the 'orderField' parameter to, for example, introduce a delay response, confirming the injection's success.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.