Deerwms Deer-WMS-2 SQL Injection Vulnerability in User List Management
Vulnerability
A critical SQL injection vulnerability has been identified in Deerwms Deer-WMS-2 versions up to 3.3. The issue arises in the user list management feature, specifically within the '/system/user/list' endpoint. The vulnerability is caused by unsanitized user input in the 'params[dataScope]' parameter, which is placed into the SQL query without sanitization or use of a prepared statement. This flaw allows remote attackers to manipulate the SQL query, potentially leading to unauthorized data access or control over the server.
Impact
Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands appended to the original SQL query of the vulnerable endpoint. This could result in unauthorized data access, data manipulation, or, in some cases, command execution on the server, depending on the database and application configuration.
Reproduction
To reproduce this vulnerability, send a POST request to the '/system/user/list' endpoint with a payload that includes a crafted 'params[dataScope]' parameter. The payload can be designed to exploit the SQL injection, such as by using SQL functions or commands that extract database information.
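A detection sketch for the request shape described above, added here as an example and not taken from the advisory or the Deer-WMS code base: it scans request logs for calls to '/system/user/list' that supply a non-empty 'params[dataScope]' value, including the URL-encoded form of the name. The JSON log format, its field names and the sample records are constructed assumptions, as is treating every client-supplied value for this parameter as worth review.

```python
import json
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/system/user/list"   # endpoint named in the advisory
PARAM = "params[dataScope]"      # parameter named in the advisory

# Constructed sample records, one JSON object per line. The field names
# "src", "method", "url" and "body" are assumptions about the log format.
SAMPLE_LOG = """\
{"src": "192.0.2.10", "method": "POST", "url": "/system/user/list", "body": "pageNum=1&pageSize=10"}
{"src": "192.0.2.44", "method": "POST", "url": "/system/user/list?x=1", "body": "pageNum=1&params%5BdataScope%5D=CONSTRUCTED_VALUE"}
{"src": "192.0.2.44", "method": "POST", "url": "/system/user/list/", "body": "params[dataScope]="}
{"src": "192.0.2.77", "method": "GET", "url": "/system/role/list", "body": ""}
{"src": "192.0.2.91", "method": "POST", "url": "/system/user/list?params%5BdataScope%5D=CONSTRUCTED_VALUE_2", "body": "pageNum=1"}
"""

def find_datascope_requests(log_text):
    """Return one finding per request to ENDPOINT that supplies a non-empty PARAM."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if not isinstance(rec, dict):
            continue
        url = urlsplit(str(rec.get("url") or ""))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # A form parameter may arrive in the body or the query string; check both.
        # parse_qsl URL-decodes names, so params%5BdataScope%5D matches as well.
        pairs = parse_qsl(url.query, keep_blank_values=True)
        pairs += parse_qsl(str(rec.get("body") or ""), keep_blank_values=True)
        values = [v for k, v in pairs if k == PARAM and v.strip()]
        if values:
            findings.append({"line": lineno, "src": rec.get("src"),
                             "method": rec.get("method"), "values": values})
    return findings

if __name__ == "__main__":
    for f in find_datascope_requests(SAMPLE_LOG):
        print(f"line {f['line']}: {f['src']} {f['method']} supplied {PARAM}={f['values']}")
```

Each finding carries the raw decoded value, so an analyst can review what was submitted before deciding whether the source needs blocking or the account needs investigation.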
