DzzOffice SQL Injection Vulnerability in Group Management Component

Vulnerability

A SQL injection vulnerability has been identified in DzzOffice versions through 2.3.7, specifically within the group management feature of the explorer module. The issue arises because the application improperly sanitizes the 'gid[]' parameter when constructing SQL queries, allowing attackers to inject malicious SQL code. Exploitation of this vulnerability requires an administrator account.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations within the application.

Reproduction

To reproduce this vulnerability, first ensure that a user group is active. Then, log in with an administrator account and navigate to the group management section. Once there, retrieve the 'gid' value corresponding to the group. This 'gid' can then be used to exploit the SQL injection vulnerability by sending a crafted POST request that includes the 'gid[]' parameter with injected SQL payloads.
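The pattern behind this class of bug, as an added example that is not DzzOffice's own code: an array parameter such as gid[] joined straight into a SQL IN list, next to a hardened version that validates every element and binds it as a parameter. The table and column names, the PDO connection and the in-memory SQLite demo are all assumptions for illustration.

```php
<?php
// Added example, not code from DzzOffice: the general shape of the bug
// described above (an array parameter like gid[] concatenated into a SQL
// IN list) and a hardened replacement. Table and column names are assumed.

// Weak pattern: raw gid[] values are joined straight into the query text,
// so any element that is not a plain integer alters the SQL that runs.
function deleteGroupsUnsafe(PDO $pdo, array $gids): int
{
    $list = implode(',', $gids);   // no per-element validation
    return $pdo->exec("DELETE FROM user_groups WHERE gid IN ($list)");
}

// Hardened pattern: fail closed on any element that is not a positive
// integer, then bind every value so it can only ever be data, never SQL.
function deleteGroupsSafe(PDO $pdo, array $gids): int
{
    $clean = [];
    foreach ($gids as $g) {
        if (!is_scalar($g) || !preg_match('/^[1-9]\d*$/', (string)$g)) {
            throw new InvalidArgumentException('gid[] must contain only positive integers');
        }
        $clean[] = (int)$g;
    }
    if ($clean === []) {
        return 0;   // nothing valid to act on
    }
    $placeholders = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $pdo->prepare("DELETE FROM user_groups WHERE gid IN ($placeholders)");
    $stmt->execute($clean);
    return $stmt->rowCount();
}

// Constructed demo on an in-memory SQLite database (assumed environment).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_groups (gid INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO user_groups VALUES (12, 'dev'), (13, 'ops'), (14, 'qa')");

echo deleteGroupsSafe($pdo, ['12', '14']) . " rows deleted\n";

try {
    deleteGroupsSafe($pdo, ['13', '13abc']);   // whole request rejected, no SQL runs
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . "\n";
}
```

The hardened function rejects the entire request when any element fails validation rather than silently dropping bad values, which also gives a clean point to log the attempt.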

Added: Nov 18, 2025, 6:20 PM
Updated: Nov 18, 2025, 6:20 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.8
impact: 5.0
exploitability: 5.1
remediation: 0.0
relevance: 1.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.