CSZ-CMS SQL Injection Vulnerability in Form Builder View

A SQL injection vulnerability has been identified in CSZ-CMS versions through 1.3.0, specifically within the Form Builder view functionality. The issue arises in the 'field' parameter, where authenticated administrators can execute arbitrary SQL queries. The vulnerability allows for the extraction of sensitive data, such as usernames and password hashes, from the database.

Impact

Exploitation of this vulnerability could lead to unauthorized data access, allowing attackers to extract sensitive information from the database, including user credentials. Additionally, this vulnerability could be used to manipulate database information or escalate privileges within the application.

Reproduction

To reproduce this vulnerability, an authenticated administrator can navigate to the Form Builder view and inject a SQL payload into the 'field' parameter. The injected SQL query will be executed by the application, allowing the attacker to extract data from the database.