------------------------------------------------------------------- Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability -------------------------------------------------------------------
[-] Software Link: http://osclass.org/ [-] Affected Versions: Version 3.4.2 and probably prior versions. [-] Vulnerability Description: The vulnerability exists because user input passed through the "alert" parameter when subscribing to a search alert is not properly validated before being stored into the DB (s_search field of the oc_t_alerts table). This can be exploited by unauthenticated attackers to inject arbitrary SQL commands via several parameters passed to the "Search::setJsonAlert()" method, which are later used to make a SQL query within the "Search::doSearch()" method. NOTE: this vulnerability might be abused to reset the administrator's password and consequently gain access to the administration panel in order to achieve arbitrary PHP code execution. [-] Solution: Update to version 3.4.3 or later. [-] Disclosure Timeline: [29/09/2014] - Vendor notified [29/09/2014] - Vendor response [09/10/2014] - Version 3.4.3 released: http://blog.osclass.org/2014/10/09/osclass-3-4-3 [09/10/2014] - CVE number requested [11/10/2014] - CVE number assigned [31/12/2014] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-8083 to this vulnerability. [-] Credits: Vulnerability discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2014-14 _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
