When visiting this path on the affected system, an attacker could leverage the injection to execute arbitrary SQL commands that would lead to the alteration or deletion of data. An attacker could also leverage the injection to create new users that have the privileges of the system’s administrator. In addition, Canteen Management System v1.0 also has a path that allows users to change their password via the password parameter. A successful SQL injection attack could potentially be leveraged by a remote attacker to change the password of an administrative account and gain access to the system as an administrator. Canteen Management System v1.0 has an unauthenticated LDAP server that allows users to change their email address via the email parameter. An attacker could potentially exploit this LDAP vulnerability to change the email address of an administrative account and gain access to the system as an administrator. Canteen Management System v1.0 allows administrators to add new users via the useradd function. Attackers could potentially exploit a privilege escalation vulnerability or a weakness in the LDAP server to add new users with the privileges of the system’s administrator. Canteen Management System v1.0 has a path that allows administrators to change a user’s password via the password parameter. An attacker could potentially exploit a SQL injection vulnerability to change the password of an administrative account and gain access to the system as an administrator

Canteen Management System v2.0 and CVE-2022-43328

Canteen Management System v2.0 has the same security vulnerabilities as version 1.0, but also includes additional vulnerabilities that are not present in Canteen Management System v1.0. Canteen Management System v2.0 allows administrators to add new users via the useradd function, but does not have the privilege escalation vulnerability or a weakness in the LDAP server found in version 1.0 of Canteen Management System v1.0

Timeline

Published on: 11/01/2022 19:15:00 UTC
Last modified on: 11/01/2022 22:37:00 UTC

References