Emlog SQL Injection Vulnerability in Tag Management Function

A SQL injection vulnerability has been identified in Emlog versions prior to 2.6.2. The issue resides in the 'include/model/tag_model.php' file, specifically within the 'updateTagName()' function. This function improperly incorporates user input into SQL query strings without utilizing parameterized queries or adequate escaping, leaving it open to SQL injection attacks. The vulnerability allows authenticated administrators to execute arbitrary SQL commands, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows authenticated administrators to execute arbitrary SQL commands, with full read/write access to the database. This could lead to privilege escalation and unauthorized data exfiltration.

Reproduction

To reproduce this vulnerability, authenticate as an admin and navigate to the tag management page. Edit a tag and inject a SQL payload into the tag name field, such as a payload that manipulates the SQL query logic, like 'test' OR 1=1-- . Save the changes and observe the results of the executed SQL, which will reflect the injection's success.

Remediation

No patches are currently available for this vulnerability.