OpenKM Unrestricted SQL Execution Vulnerability in DatabaseQuery Interface

Vulnerability

A vulnerability allowing unrestricted SQL execution has been identified in OpenKM versions 6.3.12 and prior. This issue affects both the Community and Professional editions. The vulnerability allows authenticated administrative users to execute arbitrary SQL commands against the application database via the DatabaseQuery interface. Exploitation of this vulnerability could lead to unauthorized data access, including extraction of sensitive information such as usernames and password hashes from the OKM_USER table, modification of user permissions, or deletion of database records.

Impact

Successful exploitation allows for complete database compromise, including unauthorized access to user credentials, modification of database records and permissions, and potential disruption of application functionality.

Reproduction

To reproduce this vulnerability, log into the OpenKM application as an administrator. Navigate to the 'Database Query' section under the administration panel. Here, SQL queries can be entered and executed without any restrictions. After executing a query, the results will be displayed on the same page.
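Because the Database Query page is a legitimate administrative feature, the practical defensive control is to know when it is used. The following added example (written for this page; it is not code from the advisory or from the OpenKM project) scans web-server access-log lines in Combined Log Format and reports every request that reached the Database Query page, distinguishing a GET that merely opens the page from a POST that submits SQL, and tallies submissions per authenticated user. The path fragment "/admin/DatabaseQuery", the field layout of the log lines and the sample lines themselves are assumptions constructed for the example; check the path and log format of your own deployment before relying on the filter.

```python
"""Flag use of the OpenKM admin 'Database Query' page in web-server access logs.

Added example, not part of the original advisory or of OpenKM itself. It assumes
the page is served from a path containing "/admin/DatabaseQuery" (an assumption;
confirm the path your deployment uses) and that the front-end web server writes
Combined Log Format lines with the authenticated user in the third field.
"""
import re
from typing import Dict, List

# Path fragment assumed to identify the Database Query servlet (assumption).
DATABASE_QUERY_PATH = "/admin/DatabaseQuery"

# Combined Log Format:
# host ident user [time] "METHOD path proto" status size "referer" "agent"
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str) -> Dict[str, str]:
    """Return the fields of one access-log line, or {} if it does not parse."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else {}


def find_database_query_use(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request that reached the Database Query page.

    A POST is what actually submits SQL, so it is tagged 'execute';
    a GET only opens the page and is tagged 'view'.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or DATABASE_QUERY_PATH not in rec["path"]:
            continue
        hits.append({
            "time": rec["time"],
            "user": rec["user"],
            "source": rec["host"],
            "action": "execute" if rec["method"] == "POST" else "view",
            "status": rec["status"],
        })
    return hits


def summarize_by_user(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count SQL submissions per user so unusual volume stands out in review."""
    counts: Dict[str, int] = {}
    for h in hits:
        if h["action"] == "execute":
            counts[h["user"]] = counts.get(h["user"], 0) + 1
    return counts


# Constructed sample log lines (not real traffic); the admin opens the page
# once and submits two queries, another user never touches it, and one line
# is unparseable noise.
SAMPLE_LOG = [
    '10.0.0.5 - okmAdmin [26/May/2026:16:40:01 +0000] "GET /OpenKM/admin/DatabaseQuery HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - okmAdmin [26/May/2026:16:40:15 +0000] "POST /OpenKM/admin/DatabaseQuery HTTP/1.1" 200 8810 "-" "Mozilla/5.0"',
    '10.0.0.9 - jdoe [26/May/2026:16:41:02 +0000] "GET /OpenKM/frontend/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.5 - okmAdmin [26/May/2026:16:42:30 +0000] "POST /OpenKM/admin/DatabaseQuery HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits = find_database_query_use(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(summarize_by_user(hits))
```

Feeding a real access log through find_database_query_use (one line per list element) gives an audit trail of who executed SQL through the page and when; pairing each 'execute' record with the application's own audit log, if one is enabled, is what lets a reviewer see which statements were run.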

Added: May 26, 2026, 4:53 PM
Updated: May 26, 2026, 4:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 5.0
exploitability: 6.1
remediation: 7.9
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.