VYPR
Unrated severity · NVD Advisory · Published Feb 26, 2018 · Updated Aug 5, 2024

CVE-2018-7463
Description

SQL injection vulnerability in files.php in the "files" component in ASANHAMAYESH CMS 3.4.6 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in ASANHAMAYESH CMS 3.4.6 files.php allows remote unauthenticated attackers to execute arbitrary SQL commands via the id parameter.

Vulnerability

ASANHAMAYESH CMS version 3.4.6 contains a SQL injection vulnerability in the files.php script, which is part of the "files" component. The id parameter is not properly sanitized, allowing an attacker to inject arbitrary SQL commands. The CMS is designed for managing scientific conferences, and this vulnerability affects the core database queries when the files.php endpoint is accessed with a crafted id value [1].

Exploitation

The attack can be performed remotely without any authentication. According to the advisory, an attacker acting as a normal user would need only a simple SQL injection technique [1]. The CVSS exploitability subscore is 10/10, indicating low attack complexity with no required privileges or user interaction. The attack vector is an HTTP GET request to the vulnerable endpoint (e.g., http://itjdconf.ir/fa/files.php?id=2).

Impact

Successful exploitation allows a remote attacker to execute arbitrary SQL commands against the underlying database. This leads to disclosure of all user credentials, reviewer personal information, and private articles managed by the CMS. The CVSS impact subscore is 6.4/10, with partial confidentiality, integrity, and availability impacts. The attacker can escalate privileges and gain access to sensitive data [1].

Mitigation

As of the publication date (2018-02-26), no official fix or patch had been disclosed by the vendor (asanhamayesh.com) for version 3.4.6 [1], and the advisory does not mention a fixed version. Users should upgrade to a newer version of the CMS if one is available, or, as a workaround, add strict input validation and parameterized queries for the id parameter in files.php. This CVE is not listed in the CISA KEV catalog as of the knowledge cutoff.
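As an added illustration of the workaround described above (this is not code from ASANHAMAYESH CMS, whose source is not on this page), a PHP handler for an id parameter is shown first in the string-concatenating form that produces this bug class and then in a validated, parameterized form; the files table, its columns and the connection details are assumptions.

```php
<?php
// Added example, not the CMS's own files.php. The `files` table, its
// columns and the connection details below are hypothetical.

// Pattern behind the bug class described above: the request value is
// concatenated into the SQL text, so whoever controls `id` also controls
// the structure of the query the database parses.
function loadFileUnsafe(PDO $db, string $id): ?array
{
    $sql = "SELECT id, title, path FROM files WHERE id = " . $id;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: accept only a positive integer, then pass it as a bound
// parameter so the database never interprets it as SQL.
function loadFileSafe(PDO $db, string $rawId): ?array
{
    // FILTER_VALIDATE_INT rejects any value that is not a plain decimal
    // integer, so a malformed id is refused before any query runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, path FROM files WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage in a files.php-style handler (placeholder DSN and credentials).
// ATTR_EMULATE_PREPARES => false makes the server, not the client driver,
// handle the placeholder, which is the stronger form of prepared statement.
// $db = new PDO('mysql:host=localhost;dbname=cms;charset=utf8mb4', 'user', 'password', [
//     PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,
// ]);
// $file = loadFileSafe($db, $_GET['id'] ?? '');
```

Validating the type first also gives a clean signal for detection: a 400 response on files.php with a non-numeric id is a cheap indicator worth logging.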

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)