Das Parking Management System Unauthenticated Remote SQL Injection Vulnerability in ExportParkingRecords Endpoint

Vulnerability

An unauthenticated remote SQL injection vulnerability has been identified in Das Parking Management System version 6.2.0. The issue is in the 'ExportParkingRecords' API endpoint of the 'ParkingRecord' component, specifically in the 'xp_cmdshell' function. Manipulating the 'Value' argument results in SQL injection, and exploitation could allow a full server compromise.

Impact

Exploitation of this vulnerability allows for unauthenticated remote SQL injection, which could lead to a full server compromise.

Reproduction

To reproduce this vulnerability, send a POST request to the '/ParkingRecord/ExportParkingRecords' endpoint. The request must include a JSON payload with the 'Filters' array. Within this array, the 'Value' parameter can be manipulated to inject malicious SQL, exploiting the application's SQL query handling.
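A server-side fix for this class of bug, shown as an added example that is not Das Parking Management System code: each filter's 'Value' is passed as a bound parameter and column names come only from an allow-list. Only 'Filters' and 'Value' come from the advisory; the 'Field' and 'Operator' keys, the table and column names, and the use of SQLite as a stand-in database are assumptions.

```python
import sqlite3

# Hypothetical schema and filter keys: only 'Filters' and 'Value' appear in the
# advisory; 'Field', 'Operator', table and column names are assumptions.
ALLOWED_FIELDS = {"plate": "plate", "lot": "lot"}
ALLOWED_OPERATORS = {"eq": "=", "like": "LIKE"}


def build_export_query(filters):
    """Return (sql, params) with every 'Value' passed as a bound parameter."""
    clauses, params = [], []
    for f in filters:
        field = ALLOWED_FIELDS.get(f.get("Field"))
        op = ALLOWED_OPERATORS.get(f.get("Operator", "eq"))
        value = f.get("Value")
        if field is None or op is None:
            raise ValueError("unsupported filter field or operator")
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            raise ValueError("filter value must be a string or integer")
        clauses.append(f"{field} {op} ?")   # identifier from the allow-list only
        params.append(value)                # value never enters the SQL text
    where = " AND ".join(clauses) or "1=1"
    sql = f"SELECT plate, lot FROM parking_records WHERE {where} ORDER BY plate"
    return sql, params


def export_records(conn, filters):
    """Run the export with the driver binding the values."""
    sql, params = build_export_query(filters)
    return conn.execute(sql, params).fetchall()


def demo_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parking_records (plate TEXT, lot TEXT)")
    conn.executemany("INSERT INTO parking_records VALUES (?, ?)",
                     [("ABC123", "A"), ("XYZ789", "B")])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(export_records(db, [{"Field": "lot", "Value": "A"}]))
    # A quote-bearing value is compared as data, so it matches no row.
    print(export_records(db, [{"Field": "lot", "Value": "A' OR '1'='1"}]))
```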

Added: May 26, 2026, 4:44 PM
Updated: May 26, 2026, 4:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.