Daylight Studio FuelCMS
cpe:2.3:a:daylightstudio:fuel_cms:*:*:*:*:*:*:*
- 1.5.2
A SQL injection vulnerability has been identified in Daylight Studio FuelCMS version 1.5.2, specifically within the Login component. This vulnerability arises from the unsafe and unsanitized handling of certain parameters in the password reset functionality, allowing attackers to manipulate SQL queries and access unauthorized database information.
Exploitation of this vulnerability enables attackers to extract sensitive data from the database, reset passwords for any user, including administrators, and potentially disrupt normal user login processes by altering or deleting user credentials.
To reproduce this vulnerability, send a POST request to the '/fuel/login/reset/' endpoint with a valid password reset token. Include the 'email' parameter with an injectable value. The SQL injection can be exploited by crafting the 'token' parameter to manipulate the SQL query executed by the application. After successfully injecting SQL, the database can be accessed to extract information or modify user passwords.
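For defenders, the request shape described above can be looked for in captured request logs. The following is an added example, not FuelCMS code and not part of the original advisory; it assumes a proxy or WAF log that records POST bodies, and the `TOKEN_OK` and `EMAIL_OK` allow-list patterns are assumptions to adjust to the real formats.

```python
import re
from urllib.parse import parse_qs

RESET_PATH = "/fuel/login/reset"  # endpoint named in the advisory

# Assumption: reset tokens are plain alphanumeric strings.
TOKEN_OK = re.compile(r"[A-Za-z0-9]{1,128}")
# Assumption: a deliberately strict e-mail shape (no quotes, spaces, comments).
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def check_request(method, path, body):
    """Return a list of findings for one logged request (empty if clean)."""
    if method.upper() != "POST" or not path.rstrip("/").startswith(RESET_PATH):
        return []
    # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for name, pattern in (("email", EMAIL_OK), ("token", TOKEN_OK)):
        values = params.get(name, [])
        if len(values) > 1:
            findings.append(f"{name}: repeated parameter")
        for value in values:
            if not pattern.fullmatch(value):
                findings.append(f"{name}: fails allow-list: {value!r}")
    return findings


def scan(records):
    """Return (index, findings) for every record that produced findings."""
    return [(i, f) for i, r in enumerate(records) if (f := check_request(*r))]


# Constructed sample records: (method, path, urlencoded body).
SAMPLE_LOG = [
    ("POST", "/fuel/login/reset/", "email=user%40example.com&token=9f2c1ab47d"),
    ("POST", "/fuel/login/reset/", "email=user%40example.com&token=9f2c%27+OR+%271"),
    ("POST", "/fuel/login/reset/", "email=x%27--+&token=9f2c1ab47d"),
    ("GET", "/fuel/login/reset/", ""),
    ("POST", "/contact", "message=hello"),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG):
        print(index, findings)
```

The same allow-list checks can be enforced in front of the application as a stopgap, but they do not replace parameterized queries in the reset handler itself.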