Log2Space Subscriber Management Software Unauthenticated SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Log2Space Subscriber Management Software version 1.1. The issue resides in the '/l2s/api/selfcareLeadHistory' endpoint, where the 'lead_id' parameter is vulnerable to unauthenticated exploitation. This flaw allows remote attackers to execute arbitrary SQL queries against the backend database, as the application fails to properly sanitize user input. Exploitation of this vulnerability could lead to enumeration of database schemas, table names, and potentially a complete database compromise.
Impact
Successful exploitation allows attackers to execute arbitrary SQL queries, potentially leading to extraction of sensitive customer or billing data, manipulation or deletion of such data, and under certain database configurations, remote code execution.
Reproduction
To reproduce this vulnerability, send a POST request to the '/l2s/api/selfcareLeadHistory' endpoint with the 'lead_id' parameter. The parameter value can be crafted to carry SQL injection payloads, such as union-based injections, because the application passes it to the database without sanitization.
Remediation
Users are advised to update to a version of Log2Space Subscriber Management Software that addresses this vulnerability. Implementing parameterized queries for database operations, enforcing strict input validation, and disabling verbose SQL error messages in production environments are recommended mitigation strategies.
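The remediation above comes down to three controls: bind request values as query parameters instead of splicing them into SQL text, validate 'lead_id' against a strict allow-list before it reaches the database, and return a generic error to the client when the driver fails. The following Python example is added here to illustrate those controls side by side with the flawed pattern; it is not Log2Space code, and the real application's language, framework and schema are unknown. The 'lead_history' table, its columns, the sample rows, and the 'handle_selfcare_lead_history' handler are all constructed assumptions modeled on the endpoint the advisory names.

```python
import re
import sqlite3

# Constructed stand-in for the subscriber database; the real Log2Space schema
# is not known, so the table name, columns and rows here are assumptions.
SAMPLE_ROWS = [(1, "lead one"), (2, "lead two"), (3, "lead three")]


def build_db():
    """Create an in-memory SQLite database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lead_history (lead_id INTEGER, note TEXT)")
    conn.executemany("INSERT INTO lead_history VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lead_history_vulnerable(conn, raw_lead_id):
    """The flawed pattern: the request value is spliced into the SQL text,
    so whatever the client sends is parsed as SQL rather than as a value."""
    sql = "SELECT lead_id, note FROM lead_history WHERE lead_id = " + raw_lead_id
    return conn.execute(sql).fetchall()


def lead_history_parameterized(conn, lead_id):
    """Parameterized query: the driver binds the value separately from the
    statement text, so the input can only ever be compared as data."""
    sql = "SELECT lead_id, note FROM lead_history WHERE lead_id = ?"
    return conn.execute(sql, (lead_id,)).fetchall()


# Allow-list: a lead id is a short decimal integer and nothing else.
LEAD_ID_PATTERN = re.compile(r"[0-9]{1,10}")


def validate_lead_id(raw_lead_id):
    """Reject anything that is not a plain decimal integer; return it as int."""
    if not isinstance(raw_lead_id, str) or not LEAD_ID_PATTERN.fullmatch(raw_lead_id):
        raise ValueError("lead_id must be a decimal integer")
    return int(raw_lead_id)


def handle_selfcare_lead_history(conn, form):
    """Hardened handler (hypothetical, modeled on POST /l2s/api/selfcareLeadHistory
    with a lead_id form field). Returns (status_code, response_body)."""
    try:
        lead_id = validate_lead_id(form.get("lead_id", ""))
    except ValueError:
        return 400, {"error": "invalid lead_id"}
    try:
        rows = lead_history_parameterized(conn, lead_id)
    except sqlite3.Error:
        # Record the driver error server-side; never echo SQL text or the
        # exception to the client, since verbose SQL errors aid attackers.
        return 500, {"error": "internal error"}
    return 200, {"history": [{"lead_id": r[0], "note": r[1]} for r in rows]}


if __name__ == "__main__":
    db = build_db()
    print(lead_history_vulnerable(db, "2"))
    print(handle_selfcare_lead_history(db, {"lead_id": "2"}))
    print(handle_selfcare_lead_history(db, {"lead_id": "2 OR 1=1"}))
```

Validation and parameterization are deliberately separate layers: the bound parameter alone already prevents a tampered 'lead_id' from changing the query's logic, and the allow-list on top of it turns such a request into a 400 that can be logged and alerted on rather than a silently empty result.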
