Gongfuxiang SchoolCMS SQL Injection Vulnerability in Admin Article SaveInfo Function

A critical SQL injection vulnerability has been identified in Gongfuxiang SchoolCMS version 2.3.1. The issue arises in the SaveInfo function of the file index.php, specifically when the ID parameter is manipulated. This vulnerability allows for remote exploitation and is made possible by the application's use of the ThinkPHP 3.2.3 framework, which has a known history of SQL injection vulnerabilities. The exploitation takes advantage of controllable variables in database query functions, leading to unauthorized database access or manipulation.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the application as an admin user. Then, navigate to the SaveInfo function in the article management section. The vulnerability can be exploited by sending a crafted HTTP request that includes a malicious payload in the ID parameter, such as an SQL injection payload that exploits the application's database query handling.