Rebuild SQL Injection Vulnerability in Admin Command Execution Interface

A SQL injection vulnerability has been identified in the REBUILD system, specifically in versions 3.9.0 prior to 3.9.4. The issue resides within the admin command execution interface, where improper handling of user input allows for malicious SQL queries to be executed. This vulnerability can be exploited by sending a crafted payload that manipulates SQL query execution, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the application as an administrator. Navigate to the admin command execution interface. Once there, send a POST request to the '/admin/admin-cli/exec' endpoint. The request must include a payload that exploits the SQL injection vulnerability, such as a crafted 'syscfg' command that includes SQL injection payloads. It's important to set the 'Content-Type' header to 'text/plain' to successfully exploit the vulnerability.

Remediation

Users can upgrade to Rebuild version 3.9.4 or later, where this vulnerability has been fixed.