When creating a new customer, the application fails to properly sanitize the email address input. An attacker can craft an email address value that contains SQL syntax and submit it to the application to obtain access to other customers' data.

An authenticated SQL Injection vulnerability in the payment page (/payment) of Maarch RM 2.8, via the order_total parameter, allows an attacker to view and modify the customer's payment information.

An authenticated SQL Injection vulnerability in the invoice page (/invoice) of Maarch RM 2.8 allows an attacker to view and modify the customer's invoice information.

An authenticated SQL Injection vulnerability in the order details page (/order_details) of Maarch RM 2.8 allows an attacker to view and modify the customer's order information.

An authenticated SQL Injection vulnerability in the order tracking page (/order_tracking) of Maarch RM 2.8 allows an attacker to view and modify the customer's order details.

An authenticated SQL Injection vulnerability in the order status page (/order_status) of Maarch RM 2.8 allows an attacker to view and modify the customer's order details.

An authenticated SQL Injection vulnerability in the account status page (/account_status) of Maarch RM 2.8 allows an attacker to view and modify the customer's account details.

An authenticated SQL Injection vulnerability in the account details page (/account_details) of

Risks and Mitigation Strategies

Steps to Mitigate:

1. Update the application to use appropriate tokens for all inputs.
2. Validate input data against a whitelist/blacklist of values at runtime.
3. Use parameterized queries (prepared statements) for all SQL statements, so that a request value such as order_status=processing is bound as a query parameter (for example, SELECT * FROM order_status WHERE status = ? with 'processing' supplied separately) rather than concatenated into the SQL text.
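The following is an added example that illustrates steps 2 and 3 above; it is not code from Maarch RM and does not use its schema. It builds a constructed in-memory SQLite table of orders and contrasts the vulnerable pattern (the order_status value concatenated into the SQL text) with a parameterized query, then adds an allowlist check in front of it. The table name, column names, sample rows and the ALLOWED_STATUSES set are all assumptions made for the demonstration; the same pattern applies to the email address field described at the top of the page.

```python
import sqlite3

# Constructed sample data for the demonstration (not Maarch RM's schema).
SAMPLE_ROWS = [
    (1, "alice@example.com", "processing"),
    (2, "bob@example.com", "shipped"),
    (3, "carol@example.com", "processing"),
]

# Assumed allowlist of the order status values the application actually uses.
ALLOWED_STATUSES = frozenset({"processing", "shipped", "cancelled"})


def make_db():
    """Create an in-memory SQLite database holding the constructed orders table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, email TEXT, status TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def orders_by_status_vulnerable(conn, status):
    """The vulnerable pattern: the request value is spliced into the SQL text,
    so quote characters in it change the structure of the query."""
    sql = "SELECT id, email FROM orders WHERE status = '" + status + "'"
    return conn.execute(sql).fetchall()


def orders_by_status_parameterized(conn, status):
    """Parameterized query: the driver binds the value as data, so it is
    compared literally and never parsed as SQL (mitigation step 3)."""
    sql = "SELECT id, email FROM orders WHERE status = ?"
    return conn.execute(sql, (status,)).fetchall()


def is_valid_status(status):
    """Allowlist check (mitigation step 2): only known status values pass."""
    return status in ALLOWED_STATUSES


def orders_by_status_hardened(conn, status):
    """Allowlist validation in front of the parameterized query; anything
    outside the allowlist is rejected before it reaches the database."""
    if not is_valid_status(status):
        raise ValueError("unexpected order_status value")
    return orders_by_status_parameterized(conn, status)


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that alters the query's WHERE clause
    print("vulnerable    :", orders_by_status_vulnerable(db, crafted))     # every row
    print("parameterized :", orders_by_status_parameterized(db, crafted))  # no rows
    print("hardened      :", orders_by_status_hardened(db, "processing"))  # rows 1 and 3
```

Running the block shows the concatenated query returning every order for the crafted value, while the parameterized query returns nothing because the value is compared as a literal string; the hardened variant never even issues a query for a value outside the allowlist. A practitioner auditing the pages listed above would look for the first pattern in each handler and replace it with the second, keeping the allowlist where the set of legal values is known.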

Timeline

Published on: 11/23/2022 00:15:00 UTC
Last modified on: 11/26/2022 03:34:00 UTC

References