Dynacase Webdesk freedomrss_search.php freedomrss_search sql injection
Description
A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedomrss_search of the file freedomrss_search.php. The manipulation leads to SQL injection. Upgrading to version 3.2-20180305 is able to address this issue. The patch is identified as 750a9b35af182950c952faf6ddfdcc50a2b25f8b. It is recommended to upgrade the affected component. VDB-233366 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- (no CPE) range: <3.2-20180305
- (no CPE) range: n/a
Patches
Vulnerability mechanics
Root cause
"Use of `pg_escape_string()` instead of `pg_escape_literal()` in SQL query construction allows SQL injection via unquoted user input."
Attack vector
An attacker can supply crafted values for the `str` or `user` HTTP parameters to the `freedomrss_search` endpoint. Because `pg_escape_string()` only escapes special characters but does not wrap the value in SQL quotes, the attacker can break out of the intended string context and inject arbitrary SQL operators or clauses [patch_id=2247408]. The injected SQL is then executed against the PostgreSQL database, allowing the attacker to read, modify, or delete data beyond the intended search filter.
Affected code
The vulnerability resides in `dynacase-webdesk-ui/Actions/WEBDESK/freedomrss_search.php` within the `freedomrss_search` function. The `$str` and `$user` parameters, obtained via `GetHttpVars()`, are concatenated into SQL filter strings using `pg_escape_string()`, which does not properly quote the values for PostgreSQL [patch_id=2247408].
What the fix does
The patch replaces `pg_escape_string()` with `pg_escape_literal()` for both the `$str` and `$user` variables in `freedomrss_search.php` [patch_id=2247408]. Unlike `pg_escape_string()`, `pg_escape_literal()` returns a properly quoted and escaped string literal, preventing an attacker from breaking out of the SQL string context. The commit message confirms this corrects a SQL injection vulnerability [ref_id=1].
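To make the difference between the two escaping calls concrete, here is an added illustration (not code from dynacase-webdesk) of the unquoted `pg_escape_string()` shape this page describes beside the `pg_escape_literal()` shape the patch introduces, plus a small review check that flags bare, unquoted values in a filter fragment. The function names, column names, connection string and the regex heuristic are assumptions; an open PostgreSQL connection is required because `pg_escape_literal()` takes its quoting rules from the server.

```php
<?php
// Added illustration, not the project's code: the unquoted pg_escape_string()
// pattern described on this page beside the pg_escape_literal() form the patch
// uses. Column names, function names and the DSN below are assumed.

/**
 * Vulnerable shape: pg_escape_string() escapes quotes and backslashes but
 * returns the bare text with no surrounding quotes, so the caller must add
 * them. Without them the value lands in the query outside any string literal
 * and is parsed as SQL tokens rather than as data.
 */
function buildFilterUnsafe($conn, string $str, string $user): string
{
    return "title ~* " . pg_escape_string($conn, $str)
         . " AND owner = " . pg_escape_string($conn, $user);
}

/**
 * Patched shape: pg_escape_literal() returns a complete SQL string literal,
 * already quoted (E'...' when the server needs it for backslashes), so the
 * request-supplied text can only ever be read as a string value.
 */
function buildFilterFixed($conn, string $str, string $user): string
{
    return "title ~* " . pg_escape_literal($conn, $str)
         . " AND owner = " . pg_escape_literal($conn, $user);
}

/**
 * Review check for filter fragments built from request input: every value
 * following a comparison operator must be a quoted literal, never a bare
 * token. Heuristic (assumed): after '=' or '~*' and optional whitespace,
 * the next characters must be a quote or E-quote; possessive \s*+ prevents
 * the regex from backtracking into a false "quoted" result.
 */
function userValuesAreQuoted(string $fragment): bool
{
    return preg_match('/(?:=|~\*)\s*+(?!E?\')/', $fragment) === 0;
}

$conn = pg_connect('host=localhost dbname=freedom user=freedom'); // assumed DSN
if ($conn === false) {
    exit("no database connection\n");
}
var_dump(userValuesAreQuoted(buildFilterUnsafe($conn, 'report', 'alice'))); // bool(false)
var_dump(userValuesAreQuoted(buildFilterFixed($conn, 'report', 'alice')));  // bool(true)
```

Where the query can be restructured, passing the values through `pg_query_params()` instead of string concatenation removes the quoting question entirely.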
Preconditions
- Network: The attacker must be able to send HTTP requests to the Dynacase Webdesk application.
- Authentication: The `freedomrss_search` endpoint must be accessible (no authentication bypass is described in the bundle).
- Input: The attacker controls the `str` or `user` HTTP parameters sent to the endpoint.
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/dynacase-labs/dynacase-webdesk/commit/750a9b35af182950c952faf6ddfdcc50a2b25f8b (mitre, patch)
- github.com/dynacase-labs/dynacase-webdesk/releases/tag/3.2-20180305 (mitre, patch)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)
News mentions
No linked articles in our index yet.