Deerwms Deer-WMS-2 SQL Injection Vulnerability in Department Management Endpoint

A critical SQL injection vulnerability has been identified in DeerWMS version 2, up to 3.3. The issue arises in the department management endpoint '/system/dept/edit', where the 'ancestors' parameter is user-controllable and not properly sanitized. This lack of input validation, combined with the absence of prepared statements in the SQL query execution, allows attackers to manipulate the parameter and execute arbitrary SQL commands. The vulnerability can be exploited remotely, potentially leading to unauthorized access to sensitive database information or complete control over the server.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database. Additionally, according to the vulnerability's VulDB entry, successful exploitation could result in complete control over the server.

Reproduction

To reproduce this vulnerability, send a POST request to the '/system/dept/edit' endpoint with a crafted 'ancestors' parameter. The request must include a valid session cookie. The payload should be designed to exploit the SQL injection vulnerability, such as by using SQL injection techniques to extract database information or execute arbitrary SQL commands.