Dameng100 MuuCmf T6 CMS SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Dameng100 MuuCmf CMS version 1.9.5.20260309. The issue arises in the 'getListByPage' function within the '/index/Search/index.html' file. An unauthenticated remote attacker can inject SQL commands through the 'keyword' parameter, which could lead to unauthorized extraction of sensitive database information. Under certain server configurations, such as a permissive 'secure_file_priv' setting, the vulnerability could be escalated to remote code execution by writing a web shell to the server's file system.
Impact
Exploitation of this vulnerability allows for SQL injection, with the potential to escalate to remote code execution under certain server configurations.
Reproduction
The vulnerability can be reproduced by sending a crafted SQL injection payload through the 'keyword' parameter on the '/index/Search/index.html' endpoint. For example, a time-based blind SQL injection payload causes the database to pause for a few seconds before responding, which indicates that the injection was successful.
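A log check for the pattern described above, added here as an example; it is not part of the original advisory or of the MuuCmf code base. It assumes an nginx "combined" access log with $request_time appended as the last field; the sample lines, the IP addresses and the 3-second threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "/index/Search/index.html"
PARAM = "keyword"
# SQL constructs associated with time-based probing and with file writes.
DELAY = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
FILE_WRITE = re.compile(r"into\s+(outfile|dumpfile)", re.I)
# Assumed layout: nginx "combined" format plus $request_time as last field.
LINE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
                  r'(?P<status>\d{3}) .* (?P<rt>\d+\.\d+)$')

def classify(line, slow_seconds=3.0):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LINE.match(line)
    if not m or urlsplit(m["target"]).path != ENDPOINT:
        return []
    findings = []
    # parse_qs percent-decodes values and turns '+' into spaces.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    for value in query.get(PARAM, []):
        if DELAY.search(value):
            findings.append("delay-function")
            # A slow response alongside a delay call suggests it executed.
            if float(m["rt"]) >= slow_seconds:
                findings.append("delay-observed")
        if FILE_WRITE.search(value):
            findings.append("file-write")
    return findings

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2026:10:00:01 +0000] "GET /index/Search/index.html?keyword=laptop HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.042',
    '203.0.113.9 - - [10/Mar/2026:10:00:05 +0000] "GET /index/Search/index.html?keyword=a%27+AND+SLEEP%285%29 HTTP/1.1" 200 5120 "-" "curl/8.0" 5.031',
    '203.0.113.9 - - [10/Mar/2026:10:00:09 +0000] "GET /index/Search/index.html?keyword=a+INTO+OUTFILE+%27x%27 HTTP/1.1" 500 310 "-" "curl/8.0" 0.020',
]

def scan(lines):
    """Map source IP -> sorted findings seen across all of its requests."""
    hits = {}
    for line in lines:
        m = LINE.match(line)
        for finding in classify(line):
            hits.setdefault(m["ip"], set()).add(finding)
    return {ip: sorted(found) for ip, found in hits.items()}

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        print(ip, found)
```

A "delay-observed" finding is the one to triage first, since it pairs the injected delay call with a response time consistent with it having run.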
