CloudClassroom-PHP SQL Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in CloudClassroom-PHP Project version 1.0. The issue arises in the 'viewid' parameter, allowing attackers to manipulate SQL queries and potentially execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for SQL injection, which can be used to execute arbitrary SQL commands. In this case, the vulnerability was exploited to upload a malicious PHP file to the server, which was then used to execute system commands, confirming remote code execution on the target system.

Reproduction

To reproduce this vulnerability, navigate to the affected URL and modify the 'viewid' parameter by appending a single quote. This action will trigger an SQL error, indicating a potential SQL injection vulnerability. After confirming the vulnerability, it can be exploited using SQLmap to upload a malicious PHP file to the server. Once the file is uploaded, system commands can be executed via the PHP file, achieving remote code execution.
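The advisory does not show the affected code. The following added example, not taken from the CloudClassroom-PHP project, illustrates the pattern the advisory describes, a 'viewid' value concatenated into a query, next to a hardened version that validates the parameter and binds it with a prepared statement. The database credentials, table and column names are assumptions.

```php
<?php
// Added illustration, not CloudClassroom-PHP's own code.
// Credentials, table and column names are assumed for the example.
declare(strict_types=1);

$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'classroom');

// VULNERABLE: 'viewid' is spliced straight into the SQL text. A trailing
// single quote (the probe in the advisory) breaks the statement and surfaces
// a database error; a crafted value changes the query itself. If the DB
// account also holds the FILE privilege, the injection can be turned into a
// file write, which is how the advisory's PHP file ended up on the server.
function getRecordVulnerable(mysqli $db, string $viewid): ?array
{
    $sql = "SELECT id, title, body FROM courses WHERE id = '" . $viewid . "'";
    $result = $db->query($sql);                 // error surfaces here
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// HARDENED: reject anything that is not an integer, then bind the value so
// it is sent as data, never as part of the SQL text.
function getRecordSafe(mysqli $db, string $viewid): ?array
{
    if (filter_var($viewid, FILTER_VALIDATE_INT) === false) {
        http_response_code(400);                // malformed id: refuse, do not guess
        return null;
    }
    $id = (int) $viewid;
    $stmt = $db->prepare('SELECT id, title, body FROM courses WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Defence in depth against the RCE step: run the application with a database
// account that lacks FILE and cannot write into the web root, and set
// secure_file_priv on the MySQL server so INTO OUTFILE cannot reach it.
$row = getRecordSafe($mysqli, $_GET['viewid'] ?? '');
```

With the hardened version, the single-quote probe from the Reproduction section returns a 400 instead of a database error, and a non-numeric or quoted value never reaches the SQL engine.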

Added: Jul 25, 2025, 3:57 PM
Updated: Jul 25, 2025, 3:57 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.7
exploitability  8.7
remediation     0.0
relevance       0.3
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.