YiFang CMS SQL Injection Vulnerability in L_tool.php (up to 2.0.5)
Vulnerability
A SQL injection vulnerability has been identified in YiFang CMS versions through 2.0.5. The issue arises in the file app/logic/L_tool.php, where user input from the new_url parameter is not properly sanitized, allowing for the injection of malicious SQL commands. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the /admin/tool/replaceSiteUrl endpoint. Include the cms_session cookie to maintain an active session. The request must contain the old_url parameter and a new_url parameter carrying a crafted SQL injection payload, which is injected into the query.
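The mitigation for this class of flaw, shown as an added example (not YiFang CMS code): validate old_url and new_url as http(s) URLs and pass them to the database as bound parameters. It assumes the handler rewrites stored URLs with an UPDATE ... REPLACE statement; the functions is_site_url and replace_site_url and the content/body table and column are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only absolute http(s) URLs built from a
// conservative subset of URL characters (no quotes, no whitespace).
function is_site_url(string $url): bool
{
    if (strlen($url) > 2048 || preg_match('/[^A-Za-z0-9\-._~:\/?#\[\]@!$&()*+,;=%]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    return is_array($parts)
        && in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        && !empty($parts['host']);
}

// Hypothetical replacement routine: both URLs are bound parameters, so they
// reach the database as data and never as SQL text.
function replace_site_url(PDO $db, string $oldUrl, string $newUrl): int
{
    if (!is_site_url($oldUrl) || !is_site_url($newUrl)) {
        throw new InvalidArgumentException('old_url and new_url must be http(s) URLs');
    }
    // Table and column names (assumed) are fixed in code, never taken from the request.
    $stmt = $db->prepare(
        'UPDATE content SET body = REPLACE(body, :old, :new) WHERE INSTR(body, :needle) > 0'
    );
    $stmt->execute([':old' => $oldUrl, ':new' => $newUrl, ':needle' => $oldUrl]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO content (body) VALUES ('See http://old.example/a'), ('no link here')");

echo replace_site_url($db, 'http://old.example', 'https://new.example'), " row(s) updated\n";

try {
    // Constructed input: a quote character fails validation before any SQL runs.
    replace_site_url($db, 'http://old.example', "https://new.example/'x");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Validation and binding are independent layers: the bound parameters alone keep the input out of the SQL text, and the URL check rejects values that have no business in a site address.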
