pbootCMS
cpe:2.3:a:pbootcms:pbootcms:*:*:*:*:*:*:*
- 3.2.5
- 3.2.10
A SQL injection vulnerability has been identified in pbootCMS versions 3.2.5 and 3.2.10. This vulnerability allows remote attackers to access sensitive information by sending a crafted GET request. The issue arises in the TagController, where the 'tag' parameter is not properly sanitized before being used in SQL queries. Exploitation of this vulnerability can also lead to cross-site scripting (XSS) and remote code execution (RCE) in the admin panel.
Successful exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to sensitive data, such as user passwords. Additionally, the vulnerability can be extended to cause cross-site scripting (XSS) and remote code execution (RCE) in the admin panel.
To reproduce this vulnerability, send a GET request to 'index.php' with a crafted 'tag' parameter that includes a SQL injection payload. The payload should exploit the application's SQL query handling by injecting SQL commands that, for example, union select user passwords from the database. After the injection, the response will include the extracted data, demonstrating the successful exploitation of the SQL injection vulnerability.
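One way to look for the request pattern described above in web server logs, added here as an example and not taken from pbootCMS or from this advisory: it flags requests whose `tag` query parameter carries SQL metacharacters or keywords, including percent-encoded and double-encoded forms. The combined log format, the keyword list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Characters and keywords that an ordinary tag name should not contain.
# Assumed list; tune it to the tags the site really uses.
SUSPICIOUS_RE = re.compile(
    r"""['"`;()]|--|/\*|\b(?:union|select|sleep|benchmark|information_schema)\b""",
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_tag_requests(log_lines):
    """Return (line_number, decoded_tag) for each request whose 'tag'
    query parameter matches SUSPICIOUS_RE after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs performs the first round of percent-decoding.
        query = parse_qs(urlsplit(match.group("target")).query, keep_blank_values=True)
        for raw in query.get("tag", []):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?tag=news HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?tag=x%27%20UNION%20SELECT%201--%20 HTTP/1.1" 200 5333',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?tag=x%2527%2520or%25201 HTTP/1.1" 200 5001',
]

if __name__ == "__main__":
    for number, value in suspicious_tag_requests(SAMPLE_LOG):
        print(f"line {number}: tag={value!r}")
```

A hit shows that an injection was attempted, not that it succeeded; correlate flagged requests with response sizes and database logs before drawing conclusions.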