Summary
The application is vulnerable to an authenticated SQL injection caused by improper sanitization of user input.
Details
Authentication is required, but no elevated privileges are necessary. Because the EID parameter in a GET request to /GetText.php is inadequately sanitized, attackers can inject SQL statements directly into the database query.
PoC
A simple cURL request demonstrates the vulnerability:
curl "<url>/GetText.php?EID=1%20AND%20IF(1=1,SLEEP(5),0)" -H "Cookie: <your_cookie>"
Impact
The vulnerability is an authenticated blind SQL injection. It impacts users of the ChurchCRM application who have access to the vulnerable endpoint. An attacker could exploit this issue to manipulate the database, potentially extracting sensitive information or performing unauthorized actions.
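A defender-side check for this pattern, added here as an example and not taken from the ChurchCRM project: it scans web-server access logs for /GetText.php requests whose decoded EID value is not a plain integer. The combined log format, the assumption that legitimate EID values are integers, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption (not from the advisory): a legitimate EID is a short ASCII integer.
VALID_EID = re.compile(r"[0-9]{1,10}")


def suspicious_eid_requests(log_lines):
    """Return (line_number, decoded_EID) for GetText.php hits with a non-integer EID."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        # Match the endpoint regardless of the directory the app is installed in.
        if not url.path.lower().endswith("/gettext.php"):
            continue
        # parse_qs percent-decodes values; keep blanks so "EID=" is still inspected.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("EID", []):
            if not VALID_EID.fullmatch(value):
                findings.append((number, value))
    return findings


# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /GetText.php?EID=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /GetText.php?EID=1%20AND%20IF(1=1,SLEEP(5),0) HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /Menu.php?EID=abc HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:11 +0000] '
    '"GET /churchcrm/GetText.php?x=1&EID=7%27 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for line_number, eid in suspicious_eid_requests(SAMPLE_LOG):
        print(f"line {line_number}: non-integer EID {eid!r}")
```

The same integer-only rule, enforced server-side before the value reaches the query and combined with a parameterized statement, is the corresponding mitigation.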