itsourcecode Construction Management System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability exists in the itsourcecode Construction Management System version 1.0, specifically within the file '/execute1.php'. Attackers can inject malicious SQL queries through the 'code' parameter because input validation and sanitization are inadequate. The issue can be exploited remotely, without authentication.

Impact

Successful exploitation lets an attacker manipulate the application's database queries. This could lead to unauthorized data access, data modification, and in some cases the execution of administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'execute1.php' with the 'code' parameter. The injection is time-based blind: a payload that includes a time delay command slows the response, and that delay can be used to infer information about the database.
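
The delay pattern described above can be looked for in web server logs. The following is an added detection example, not part of the original advisory or the project's code. It assumes an nginx access log whose last field is $request_time; the thresholds and the sample lines are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict

# Assumed nginx log_format: combined-style fields followed by $request_time (s).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<rt>\d+\.\d+)$'
)
TARGET = "/execute1.php"   # endpoint named in the advisory
SLOW_SECONDS = 3.0         # assumed threshold; tune to the site's normal latency
MIN_SLOW_HITS = 3          # slow requests needed before a client is flagged
MAX_SPREAD = 0.5           # injected delays are near-constant, so stdev is low


def suspicious_clients(lines):
    """Return {ip: [slow durations]} for clients with a fixed-delay pattern."""
    slow = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith(TARGET):
            continue
        if float(m["rt"]) >= SLOW_SECONDS:
            slow[m["ip"]].append(float(m["rt"]))
    return {
        ip: times for ip, times in slow.items()
        if len(times) >= MIN_SLOW_HITS and statistics.pstdev(times) <= MAX_SPREAD
    }


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = """\
198.51.100.7 - - [01/Jan/2026:01:10:01 +0000] "POST /execute1.php HTTP/1.1" 200 312 0.041
198.51.100.7 - - [01/Jan/2026:01:10:02 +0000] "POST /execute1.php HTTP/1.1" 200 312 5.012
198.51.100.7 - - [01/Jan/2026:01:10:08 +0000] "POST /execute1.php HTTP/1.1" 200 312 0.038
198.51.100.7 - - [01/Jan/2026:01:10:09 +0000] "POST /execute1.php HTTP/1.1" 200 312 5.009
198.51.100.7 - - [01/Jan/2026:01:10:15 +0000] "POST /execute1.php HTTP/1.1" 200 312 5.021
203.0.113.20 - - [01/Jan/2026:01:11:00 +0000] "POST /execute1.php HTTP/1.1" 200 312 3.900
192.0.2.33 - - [01/Jan/2026:01:12:00 +0000] "GET /index.php HTTP/1.1" 200 9001 6.200
192.0.2.44 - - [01/Jan/2026:01:13:00 +0000] "POST /execute1.php HTTP/1.1" 200 312 3.200
192.0.2.44 - - [01/Jan/2026:01:13:10 +0000] "POST /execute1.php HTTP/1.1" 200 312 9.800
192.0.2.44 - - [01/Jan/2026:01:13:30 +0000] "POST /execute1.php HTTP/1.1" 200 312 6.100
""".splitlines()

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

Only the client with repeated, near-identical delays is flagged; a single slow request or widely varying slow responses (more typical of server load) are not.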

Remediation

No specific remediation is known for this vulnerability.

Added: Apr 27, 2026, 2:18 AM
Updated: Apr 27, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.