CVE-2018-14515
Description
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in WUZHI CMS 4.1.0 allows remote attackers to inject malicious SQL via the keywords parameter.
Vulnerability
A SQL injection vulnerability exists in WUZHI CMS version 4.1.0 within the promote search functionality. The keywords parameter in the URL index.php?m=promote&f=index&v=search is not properly sanitized, allowing an attacker to inject arbitrary SQL statements. The vulnerability affects all installations of WUZHI CMS 4.1.0 [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable endpoint with a malicious SQL payload in the keywords parameter. No authentication is required. For example, the payload jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23 triggers a SQL error that discloses the MD5 hash of 777 through the error message [1]. The attacker can leverage this to extract sensitive data from the database.
Impact
Successful exploitation can lead to unauthorized access to the database, disclosure of sensitive information (such as user credentials or other data), and in some cases further compromise of the server [1]. The example payload above demonstrates information disclosure via error-based SQL injection.
Mitigation
As of the publication date, no official patch has been released for WUZHI CMS 4.1.0 to address this vulnerability. Users should monitor the vendor's repository for updates and consider applying input validation or using a web application firewall as a temporary workaround [1].
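Until a fix exists, access logs can be checked for SQL syntax in the keywords parameter of the promote search route. The sketch below is an added example, not code from WUZHI CMS or from the referenced issue; the regex rule set, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Heuristic indicators of SQL syntax in a search term (assumed rule set; tune per site).
SQLI = re.compile(
    r"""['"]\s*(?:and|or|union|select)\b            # quote closing the string, then a SQL keyword
      | \b(?:extractvalue|updatexml|concat)\s*\(    # MySQL functions seen in error-based injection
    """, re.I | re.X)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed combined-format log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Aug/2018:10:00:00 +0000] "GET /index.php?m=promote&f=index&v=search&keywords=summer+sale HTTP/1.1" 200 5120
203.0.113.9 - - [01/Aug/2018:10:00:05 +0000] "GET /index.php?m=promote&f=index&v=search&keywords=jiguang'and+extractvalue(1,concat(0x7e,md5(777)))%23 HTTP/1.1" 200 812
198.51.100.8 - - [01/Aug/2018:10:00:09 +0000] "GET /index.php?m=promote&f=index&v=search&keywords=men%27s+and+women%27s+shoes HTTP/1.1" 200 4301
203.0.113.9 - - [01/Aug/2018:10:00:12 +0000] "GET /index.php?v=search&keywords=jiguang%2527and+extractvalue(1,1)&f=index&m=promote HTTP/1.1" 200 790
198.51.100.7 - - [01/Aug/2018:10:00:20 +0000] "GET /index.php?m=content&f=index&v=show&id=3 HTTP/1.1" 200 2200
""".splitlines()

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (%2527 -> %27 -> ') before matching."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_line(line):
    """Return (client_ip, decoded keywords) for a suspicious promote search, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Match the route by parameter value, so parameter order does not matter.
    route = tuple(query.get(k, [""])[-1] for k in ("m", "f", "v"))
    if route != ("promote", "index", "search"):
        return None
    for raw in query.get("keywords", []):
        keywords = decode_fully(raw)
        if SQLI.search(keywords):
            return ip, keywords
    return None

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == "__main__":
    for ip, kw in scan(SAMPLE_LOG):
        print(f"{ip} suspicious keywords: {kw!r}")
```

Requests that carry keywords in a POST body do not appear in access logs, so the same rule would have to run in a WAF or an application-level hook to cover them.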
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References
[1] github.com/wuzhicms/wuzhicms/issues/146 (mitre, x_refsource_MISC)