
CVE-2018-8670 and CVE-2018-8675

In system\database\DB_query_builder.php there are two places where user input is "sanitized" only with strip_tags() before it is placed into a query. strip_tags() removes HTML and PHP tags; it does not escape quotes, comment sequences or any other SQL metacharacters, so the input still reaches the SQL parser and SQL injection is possible through DB_query_builder.php. The same pattern appears in two places in system\database\DB_insert_variable.php and again in system\database\DB_where_conditions.php, where user input flows into WHERE conditions. A user with minimum privileges can therefore inject arbitrary SQL queries through any of these three files and have them executed with the privileges of the application's database user. Through DB_insert_variable the same low-privileged user can also store arbitrary PHP code in the database; the database does not execute it, but it becomes dangerous wherever the application later writes stored values to a file or passes them to eval() or include().
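The following is an added example, not code from the original page or from the affected project, showing the pattern described above: user input filtered only with strip_tags() and then concatenated into a query, beside the corrected form that binds the value through a PDO prepared statement. The table, the function names and the payload are constructed for the example, and it assumes PHP with the pdo_sqlite extension so it runs against an in-memory database.

```php
<?php
// Added example, not code from the original page or the affected project.
// Demonstrates why strip_tags() is not an SQL sanitizer and how a prepared
// statement closes the hole. Assumes pdo_sqlite; the schema is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable pattern: strip_tags() is the only filtering, then the value is
// concatenated into the statement. Tags are removed; quotes, comment markers
// and operators survive and are parsed as SQL.
function findUserVulnerable(PDO $db, string $name): array
{
    $clean = strip_tags($name);
    $sql = "SELECT name, role FROM users WHERE name = '" . $clean . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is bound as a parameter, so whatever it contains
// is compared as data and never reaches the SQL parser.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input: it contains no tags, so strip_tags() leaves it
// byte-for-byte unchanged, and the OR clause is spliced into the query.
$payload = "x' OR '1'='1";

echo "strip_tags() altered the payload: "
    . var_export(strip_tags($payload) !== $payload, true) . PHP_EOL;

echo "Vulnerable query returns " . count(findUserVulnerable($db, $payload))
    . " row(s)" . PHP_EOL;
echo "Prepared statement returns " . count(findUserSafe($db, $payload))
    . " row(s)" . PHP_EOL;
```

Run it with the PHP CLI. The vulnerable function returns every row in the table because the injected condition is always true, while the prepared statement returns nothing, since no user is literally named x' OR '1'='1. The same contrast holds for an INSERT: binding the value stores it verbatim, including any PHP source text, without letting it alter the statement.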

Detecting if a site is prone to SQL Injection Attacks

To check whether a site is affected, confirm each of the following against the installed code:

1) system\database\DB_query_builder.php builds queries from user input that has only passed through strip_tags(); a user with minimum privileges can then inject arbitrary SQL that runs with the privileges of the application's database user.
2) system\database\DB_insert_variable.php applies the same strip_tags()-only filtering in two places, so a low-privileged user can inject arbitrary SQL and can also store arbitrary PHP code in the database.
3) system\database\DB_where_conditions.php passes user input into WHERE conditions with the same filtering, giving a low-privileged user a further path to arbitrary SQL.

If the site's copy of any of these files still relies on strip_tags() alone, treat it as injectable: a single quote in the relevant parameter that changes the result set or produces a database error confirms that the input reaches the SQL parser unescaped.

Internal TLD Domains


CVE-2018-8670 and CVE-2018-8675 also apply to system\domain\TLD.php, where user input is again filtered only with strip_tags() in two places before it reaches a query, allowing SQL injection through system\domain\TLD.php. A user with minimum privileges can inject arbitrary SQL queries and have them executed with the privileges of the application's database user, and a low-privileged user can store arbitrary PHP code in the database via system\database\DB_insert_variable.

Timeline

Published on: 10/07/2022 11:15:00 UTC
Last modified on: 10/08/2022 01:13:00 UTC

References