JiZhiCMS SQL Injection Vulnerability in addcache.html

Vulnerability

A SQL injection vulnerability has been identified in JiZhiCMS versions through 2.5.6. The issue arises in the addcache.html file within the admin Sys directory, where user input is decoded using the htmlspecialchars_decode function. This decoded input is then directly appended to SQL queries, creating an opportunity for SQL injection attacks. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows an attacker to manipulate the SQL queries sent to the database. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, navigate to the 'Back-end Management' section, then go to 'Extension Management' and select 'Fragmentation'. Once there, add a new fragment and input a crafted SQL injection payload into the 'sqls' parameter. The injection point is at the SQL statement, where the fragment name and identifier can be arbitrary. After submitting the form, the injected SQL code will be executed, demonstrating the SQL injection vulnerability.

Remediation

Use prepared statements for database queries to prevent SQL injection. The vulnerable code can be replaced with a version that binds user input as statement parameters, so that the input is handled as data and is never concatenated directly into the SQL query text.
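
The pattern described above, next to its prepared-statement form, as an added example that is not JiZhiCMS code. It assumes PHP with the pdo_sqlite extension; the table, columns, function names and sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, tid INTEGER)');
$pdo->exec("INSERT INTO article (title, tid) VALUES ('public', 1), ('draft', 2)");

// Vulnerable pattern: entity-encoded input is decoded, which restores the
// quote characters, and the result is appended to the query text.
function findConcatenated(PDO $pdo, string $encoded): array
{
    $decoded = htmlspecialchars_decode($encoded, ENT_QUOTES);
    $sql = "SELECT title FROM article WHERE title = '" . $decoded . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the query text is fixed and the decoded value is bound
// as a parameter, so quotes inside it cannot change the statement.
function findPrepared(PDO $pdo, string $encoded): array
{
    $decoded = htmlspecialchars_decode($encoded, ENT_QUOTES);
    $stmt = $pdo->prepare('SELECT title FROM article WHERE title = :title');
    $stmt->execute([':title' => $decoded]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input, shaped as it would be after entity encoding upstream.
$input = 'x&#039; OR &#039;1&#039;=&#039;1';

// Compare how many rows each form returns for the same input.
printf("concatenated: %d row(s)\n", count(findConcatenated($pdo, $input)));
printf("prepared:     %d row(s)\n", count(findPrepared($pdo, $input)));
```

Parameter binding protects values only. Where a field is meant to carry query text itself, binding cannot constrain it, and the statement has to be built from a fixed set of server-side templates instead.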

Added: Apr 25, 2026, 12:18 PM
Updated: Apr 25, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 6.3
remediation: 0.0
relevance: 6.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.