CoreShop Error-Based SQL Injection Vulnerability in CustomerTransformerController
Vulnerability
A SQL injection vulnerability allowing for error-based exploitation has been identified in CoreShop versions prior to 4.1.9. The issue resides in the CustomerTransformerController within the admin panel, specifically at the customer-company-modifier duplication name check endpoint. The vulnerability arises because user-supplied input is improperly integrated into a SQL query without proper sanitization or parameterization, potentially leading to database error disclosure and unauthorized data extraction.
Impact
Exploitation of this vulnerability allows authenticated admin users to execute arbitrary SQL commands, causing database errors that could disclose sensitive information. Additionally, this vulnerability could be exploited to extract data from the database, depending on the injected SQL payload.
Reproduction
To reproduce this vulnerability, log into the CoreShop admin panel and navigate to the customer-company-modifier duplication name check endpoint. Inject a double quote into the value parameter to trigger a SQL syntax error, which confirms the presence of the SQL injection vulnerability. Once confirmed, the vulnerability can be exploited by using a tool like sqlmap to extract data from the database.
Remediation
Users are advised to update to CoreShop version 4.1.9 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.