An attacker can inject malicious SQL code or cause SQL errors in the database via the booking_id parameter. In certain cases, SQL injection can lead to data manipulation, denial of service, or the leaking of user information. You should monitor any input that comes from a user and make sure that it is validated before using it in a query. This applies to any part of your application, not just the backend.
An attacker can also inject malicious code or cause code to run that may lead to data manipulation or denial of service, depending on how the code is injected.
Furthermore, SQL injection can be exploited to access data in the database that should not be accessible, for example by sending a request for data that does not exist, or by reading another user’s data if the attacker can access the database.
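The following is an added example, not code from the affected application or from this advisory. It contrasts a booking_id that is concatenated into the query with one that is validated and bound as a parameter. The table layout, column names, function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory schema and rows (assumed, not from the advisory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bookings (id INTEGER PRIMARY KEY, user_id INTEGER, note TEXT)")
    db.executemany("INSERT INTO bookings VALUES (?, ?, ?)",
                   [(1, 10, "alice: room 4"), (2, 20, "bob: room 7")])
    return db

def lookup_unsafe(db, user_id, booking_id):
    """'Before' form: booking_id is pasted into the SQL text, so it can change the query."""
    sql = ("SELECT note FROM bookings WHERE user_id = %d AND id = %s"
           % (user_id, booking_id))
    return [row[0] for row in db.execute(sql)]

def parse_booking_id(raw):
    """Allow-list validation: ASCII digits only, bounded length."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit() or len(raw) > 10:
        raise ValueError("invalid booking_id")
    return int(raw)

def lookup_safe(db, user_id, raw_booking_id):
    """'After' form: validated value, bound parameters, result scoped to the owner."""
    booking_id = parse_booking_id(raw_booking_id)
    rows = db.execute("SELECT note FROM bookings WHERE user_id = ? AND id = ?",
                      (user_id, booking_id))
    return [row[0] for row in rows]

def handle(db, user_id, raw_booking_id):
    """Map outcomes to HTTP-style statuses without echoing database errors."""
    try:
        notes = lookup_safe(db, user_id, raw_booking_id)
    except ValueError:
        return 400, "invalid booking_id"
    return (200, notes[0]) if notes else (404, "not found")
```

With the concatenated form, a non-numeric booking_id either raises a database error or returns rows belonging to other users. With the validated form, the same inputs are rejected before any SQL is executed.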
Internal Server Error
Internal Server Error is an HTTP response code indicating that an error has occurred on the server, but the client isn't allowed to know what it is. This can happen for a variety of reasons, including those listed below:
- A required parameter is missing in the request
- The URL provided by the client contains invalid parameters
- A request was sent with invalid headers
- The server has reached its maximum size of responses (e.g. after 200 requests)
How did we test for this vulnerability?
We used an SQL injection tool to find potential vulnerabilities.
Stored XSS (CVE-2020-6050)
A maliciously crafted URL can cause stored XSS on the booking_id parameter. This allows an attacker to send a request for data that does not exist, or to read another user’s data if the attacker can access the database.
You should monitor any input that comes from a user and make sure that it is validated before using it in a query. This applies to any part of your application, not just the backend.
Insecure Authentication
Insecure authentication can be exploited by an attacker to access data that should not be accessible, for example by sending a request for data that does not exist, or by reading another user’s data if the attacker can access the database.
This vulnerability is caused when one of your application's users is able to log into your application without entering any credentials. The attacker can then steal the session ID that's stored in the session cookie, which they can use to gain access to information in the database.
SQL Injection and PHP Object Injection
Both SQL injection and PHP Object Injection can allow an attacker to inject malicious code that can lead to data manipulation or denial of service. If a user enters input such as SQL code, PHP code, or a URL into your application and it is not verified before using it in a query, an attacker could use this input to access database data that should not be accessible. Furthermore, these types of attacks can also be exploited by sending a request for data that does not exist or reading another user’s data if an attacker is able to access the database.
Timeline
Published on: 09/19/2022 22:15:00 UTC
Last modified on: 09/22/2022 13:33:00 UTC