itsourcecode Construction Management System SQL Injection Vulnerability in Borrowed Tool PHP
Vulnerability
A SQL injection vulnerability exists in the itsourcecode Construction Management System version 1.0, specifically within the borrowed_tool.php file. This issue arises in the Parameter Handler component, where the 'emp' parameter can be manipulated to inject malicious SQL queries. The vulnerability can be exploited remotely, and the details of the exploit have been made public.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, and in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, log into the application and send a POST request to borrowed_tool.php with the 'emp' parameter. Include a payload that exploits the SQL injection, such as one that uses time-based blind SQL injection techniques, like the 'SLEEP' function.
Remediation
No specific mitigation measures are known for this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.