Vulnerability Description: An authenticated user (with some administrator privileges) can inject a malicious query to achieve SQL injection via the "id_utilisateur" POST parameter on the /peel-shopping_9_4_0/administrer/utilisateurs.php endpoint. After this attack, the attacker can read sensitive information from the database and even modify its data.
It looks like prepared statements are not used at all (checked multiple PHP files), so there will be a lot more SQL injections. All of the queries need an update.
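The difference between a concatenated query and a prepared statement for an integer parameter such as "id_utilisateur", as an added example that is not PEEL Shopping's code or the reporter's proof of concept. The in-memory SQLite database (via the pdo_sqlite extension), the demo_utilisateurs table and both function names are assumptions made for illustration.

```php
<?php
// Added illustration: in-memory SQLite stands in for the shop database.
// Table and column names are hypothetical, not taken from PEEL Shopping.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_utilisateurs (id_utilisateur INTEGER PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO demo_utilisateurs VALUES (1, 'admin@example.test'), (2, 'client@example.test')");

// Vulnerable pattern: the POST value becomes part of the SQL text itself,
// so any SQL syntax in it is parsed as SQL.
function find_user_concat(PDO $pdo, string $raw): array
{
    $sql = 'SELECT id_utilisateur, email FROM demo_utilisateurs WHERE id_utilisateur = ' . $raw;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type first, then bind the value so the
// driver treats it as data and never as SQL text.
function find_user_prepared(PDO $pdo, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_utilisateur must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id_utilisateur, email FROM demo_utilisateurs WHERE id_utilisateur = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['id_utilisateur'].
$samples = ['2', '2 OR 1=1'];
foreach ($samples as $raw) {
    printf("input %-10s concat rows: %d\n", "'$raw'", count(find_user_concat($pdo, $raw)));
    try {
        printf("input %-10s prepared rows: %d\n", "'$raw'", count(find_user_prepared($pdo, $raw)));
    } catch (InvalidArgumentException $e) {
        printf("input %-10s rejected: %s\n", "'$raw'", $e->getMessage());
    }
}
```

The bound parameter alone already keeps the value out of the SQL text; the integer check is a second layer that rejects malformed input before it reaches the database.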
Product Version: 9.4.0
Author: Frentzen
CVE Assigned: CVE-2021-41672
Vulnerable URL: http://localhost/peel-shopping_9_4_0/administrer/utilisateurs.php
Proof of Concept: