BoyunCMS SQL Injection Vulnerability in Server.php File

A critical SQL injection vulnerability has been identified in BoyunCMS versions through 1.4.20. The issue resides in the application/update/controller/Server.php file, where the phone parameter is not properly sanitized before being used in SQL queries. This flaw allows remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized access, modification of data, or complete compromise of the database. The vulnerability appears to be the result of legacy test code that was not removed before the production release.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data modification, or a complete compromise of the database.

Reproduction

The vulnerability can be reproduced by sending a request to the update/server/check_date endpoint with a crafted phone parameter that includes SQL injection payloads. This can be done using tools like SQLMap, which automates the process of finding and exploiting SQL injection vulnerabilities.