VYPR
Unrated severity · NVD Advisory · Published Jan 15, 2023 · Updated Aug 6, 2024

brandonfire miRNA_Database_by_PHP_MySql model.php count_rna SQL injection

CVE-2015-10050

Description

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the functions __construct, select_single_rna and count_rna of the file inc/model.php. The manipulation leads to SQL injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A critical SQL injection vulnerability exists in brandonfire miRNA_Database_by_PHP_MySql via unsanitized user input in inc/model.php.

Vulnerability

The vulnerability is a SQL injection in the __construct, select_single_rna, and count_rna functions in inc/model.php of the brandonfire miRNA_Database_by_PHP_MySql project. The application directly concatenated user-supplied input into SQL queries without proper sanitization or parameterization, allowing an attacker to manipulate the query structure. The affected code is present in versions prior to commit 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. [1]

Exploitation

An attacker can exploit this vulnerability by providing crafted input to any of the affected functions, such as the $new parameter in select_single_rna or the $name and $tissue parameters in count_rna. No special network position or authentication is required if the application exposes these functions to user input. The attacker can inject SQL commands by including SQL metacharacters (e.g., single quotes) in the parameter values, leading to arbitrary query execution. The code is publicly available, and the commit diff [1] shows the exact vulnerable lines, which simplifies exploitation.

Impact

Successful exploitation allows an attacker to read, modify, or delete arbitrary data in the underlying MySQL database. This can lead to disclosure of sensitive information stored in the mirna table or other tables, potentially including user credentials or other confidential data. The vulnerability is rated as critical due to the lack of access control and the direct exposure of the database.

Mitigation

The fix is contained in commit 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a [1], which replaced unsafe string interpolation with parameterized queries using prepared statements. The maintainer recommends applying this patch. No workaround is detailed; upgrading to the patched version is the only mitigation. The vulnerability has not been listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing. [1]
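The concatenated and parameterized query patterns described above, shown side by side as an added example; this is not the project's inc/model.php or the code from the fix commit. The `name` and `tissue` columns, the sample rows, the `count_rna_concat`/`count_rna_prepared` function names, the use of PDO, and the in-memory SQLite database standing in for MySQL are assumptions made so the script runs offline.

```php
<?php
// Added illustration, NOT the project's code. Assumed: columns name/tissue,
// PDO as the driver, and SQLite in memory as a stand-in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mirna (name TEXT, tissue TEXT)");
$db->exec("INSERT INTO mirna VALUES ('miR-21','liver'), ('miR-21','lung'), ('miR-155','liver')");

// Pattern the advisory describes: caller-supplied values become part of the SQL text.
function count_rna_concat(PDO $db, string $name, string $tissue): int
{
    $sql = "SELECT COUNT(*) FROM mirna WHERE name = '$name' AND tissue = '$tissue'";
    return (int) $db->query($sql)->fetchColumn();
}

// Pattern the fix is described as using: fixed SQL text with bound parameters.
function count_rna_prepared(PDO $db, string $name, string $tissue): int
{
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM mirna WHERE name = :name AND tissue = :tissue"
    );
    $stmt->execute([':name' => $name, ':tissue' => $tissue]);
    return (int) $stmt->fetchColumn();
}

// Constructed test values for the $tissue parameter.
$cases = [
    'plain value'                   => 'liver',
    'quote alters the WHERE clause' => "liver' OR '1'='1",
    'benign apostrophe'             => "Crohn's ileum",
];

foreach ($cases as $label => $tissue) {
    try {
        $concat = (string) count_rna_concat($db, 'miR-21', $tissue);
    } catch (PDOException $e) {
        // A quote in the data reached the SQL parser and broke the statement.
        $concat = 'SQL error';
    }
    $prepared = count_rna_prepared($db, 'miR-21', $tissue);
    printf("%-30s concat=%-10s prepared=%d\n", $label, $concat, $prepared);
}
```

Any input for which the two columns disagree is one where the value was parsed as SQL instead of being compared as a literal. When the same pattern is used against MySQL through PDO, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.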

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
