Advaya Softech GEMS ERP Portal SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in Advaya Softech GEMS ERP Portal version 2.1. The issue resides in the 'userId' parameter of the '/studentLogin/studentLogin.action' endpoint, allowing remote attackers to manipulate database queries. This vulnerability has been publicly disclosed and could be exploited to read, insert, update, or delete database records.

Impact

The vulnerability is exploitable through Boolean-based and time-based blind SQL injection, enabling attackers to read sensitive database information or manipulate database records.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the '/studentLogin/studentLogin.action' endpoint with a malicious 'userId' parameter that includes SQL injection payloads. This can be done manually or using the provided Python script 'GEMS_POC.py', which automates the exploitation process by extracting database information through the SQL injection vulnerability.
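The flaw class described above and its fix, as an added example that is not taken from the advisory, the PoC script or the vendor's code: a login lookup that concatenates 'userId' into the query text, next to one that validates the value and binds it as a parameter. The SQLite in-memory database, the table and column names, the sample rows and the ID format are assumptions made for illustration; the advisory does not describe the portal's schema or database engine.

```python
import re
import sqlite3

# Assumed ID format for illustration; the advisory does not give the real one.
USER_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def make_db():
    """Build a constructed in-memory table standing in for the portal's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (user_id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("S1001", "Asha"), ("S1002", "Ravi")])
    return db


def lookup_concatenated(db, user_id):
    """Vulnerable pattern: userId is spliced into the SQL text, so a quote
    in the value ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT name FROM students WHERE user_id = '" + user_id + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, user_id, validate=True):
    """Hardened pattern: allow-list check, then a bound parameter. The
    binding alone keeps the value out of the SQL grammar; validation
    rejects malformed IDs before they reach the database."""
    if validate and not USER_ID_RE.fullmatch(user_id):
        return []
    rows = db.execute("SELECT name FROM students WHERE user_id = ?", (user_id,))
    return [row[0] for row in rows]


def demo():
    db = make_db()
    # Constructed inputs: same ID followed by a condition that is true / false.
    true_cond, false_cond = "S1001' AND '1'='1", "S1001' AND '1'='2"
    return {
        "concat": (lookup_concatenated(db, true_cond),
                   lookup_concatenated(db, false_cond)),
        "bound": (lookup_bound(db, true_cond, validate=False),
                  lookup_bound(db, false_cond, validate=False)),
        "valid_id": lookup_bound(db, "S1001"),
    }


if __name__ == "__main__":
    print(demo())
```

In the concatenated version the result changes with the truth of the appended condition, which is the response difference that Boolean-based blind injection depends on; in the bound version both inputs are compared as literal IDs and match nothing.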

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.