itsourcecode Directory Management System SQL Injection Vulnerability in Forget Password Functionality

A SQL injection vulnerability has been identified in the itsourcecode Directory Management System version 1.0. The issue resides in the admin/forget-password.php file, where the email parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely, without any authentication, leading to unauthorized database access and potential data manipulation.

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to access, modify, or delete database information. Such actions could disrupt service and compromise sensitive data.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /dms/admin/forget-password.php endpoint. The request must include the email parameter with a crafted payload that exploits the SQL injection flaw, such as using a time-based blind SQL injection technique that leverages SQL's SLEEP function to demonstrate the injection's effectiveness.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection, validate and filter user input, minimize database user permissions, and conduct regular security audits.