VYPR
Unrated severity · NVD Advisory · Published Jan 15, 2023 · Updated Apr 8, 2025

bony2023 Discussion-Board main.php display_all_replies sql injection

CVE-2015-10051

Description

A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The patch is identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A critical SQL injection vulnerability in the Discussion-Board application via the `str` argument in `functions/main.php` allows attackers to execute arbitrary SQL statements.

Vulnerability

A critical SQL injection vulnerability exists in the display_all_replies function within the functions/main.php file of the bony2023 Discussion-Board project. The str parameter is not properly sanitized before being used in a SQL query, allowing an attacker to inject arbitrary SQL commands. This affects all versions prior to the commit 26439bc4c63632d63ba89ebc0f149b25a9010361. The vulnerability is tracked as VDB-218378 [1].

Exploitation

An attacker can exploit this vulnerability by providing a crafted string to the str argument, which is then processed by the vulnerable function. No authentication is required if the endpoint is publicly accessible, and the attacker only needs the ability to send HTTP requests to the affected application. The injection can be performed via GET or POST parameters, depending on how the application handles the input [1].

Impact

Successful exploitation allows the attacker to execute arbitrary SQL queries against the application's database. This can lead to unauthorized access to sensitive data, modification or deletion of database contents, and potentially full compromise of the database server. In the context of a discussion board, this could expose user credentials, private messages, or other confidential information [1].

Mitigation

The fix has been implemented in commit 26439bc4c63632d63ba89ebc0f149b25a9010361. Users should upgrade to the patched version immediately. There is no known workaround for unpatched versions, and the project maintainer has recommended applying the patch as the sole mitigation [1].
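
Added example, not code from the Discussion-Board project and not the content of commit 26439bc4c63632d63ba89ebc0f149b25a9010361: it shows the class of defect described under Vulnerability next to the usual remedy, parameter binding. The table layout, the PDO/SQLite setup, the `_concat` and `_bound` function names, and the idea that `str` is a topic name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the Discussion-Board source. The schema and the
// meaning of $str (a topic name) are assumptions; rows are constructed.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE replies (id INTEGER PRIMARY KEY, topic TEXT, body TEXT)');
    $ins = $pdo->prepare('INSERT INTO replies (topic, body) VALUES (?, ?)');
    foreach ([['intro', 'hello'], ["O'Brien", 'first reply'], ['staff', 'note']] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// Pattern the advisory describes: $str is concatenated into the SQL text,
// so a quote in $str changes the statement instead of staying data.
function display_all_replies_concat(PDO $pdo, string $str): array
{
    $sql = "SELECT body FROM replies WHERE topic = '" . $str . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: fixed statement text, $str sent as a bound parameter.
function display_all_replies_bound(PDO $pdo, string $str): array
{
    $stmt = $pdo->prepare('SELECT body FROM replies WHERE topic = :topic');
    $stmt->execute([':topic' => $str]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Regression check: a benign value containing an apostrophe must be matched
// as data. The concatenating version fails to parse; the bound one does not.
$pdo = make_demo_db();
$value = "O'Brien";
try {
    display_all_replies_concat($pdo, $value);
    echo "concat: query ran\n";
} catch (PDOException $e) {
    echo "concat: statement broken by input\n";
}
echo 'bound: ' . json_encode(display_all_replies_bound($pdo, $value)) . "\n";
```

A check of this kind, run against the real function after applying the patch, confirms that input containing quote characters no longer alters the statement.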

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
