CVE-2020-37105
Description
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
PMB 5.6 SQL injection in /admin/sauvegarde/download.php via logid parameter allows authenticated attackers to execute arbitrary SQL commands.
Vulnerability
Description
CVE-2020-37105 is a SQL injection vulnerability in PMB version 5.6. The flaw resides in the administration download script at /admin/sauvegarde/download.php, where the logid request parameter is incorporated into a SQL query without being validated or bound as a parameter. This allows an authenticated attacker with administration privileges to inject arbitrary SQL commands [1][3].
Exploitation
To exploit the vulnerability, an attacker must be authenticated with administration-level access to the PMB application. They can then send a crafted HTTP GET request to the vulnerable endpoint with a logid value that carries the injected SQL, which the script passes into its query. The exploit is straightforward and can be automated using tools such as SQLMap, as demonstrated in public proof-of-concept code [3].
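The following is an added illustration, not code from PMB or from the CVE references: a minimal model of the bug class described above, run against an in-memory SQLite database. The table layout, column names, sample rows and the query text are assumptions made for illustration (the page does not show PMB's schema or the real query); only the shape of the flaw is taken from the description, a request parameter (logid) concatenated into SQL instead of being validated and bound. The payloads are constructed for the example. Stacked queries are not modelled because SQLite's execute() refuses multiple statements, so only boolean and UNION-style injection is shown.

```python
"""Model of CVE-2020-37105's bug class: string-built SQL vs. a bound parameter.

Added example. Schema, rows and query text are hypothetical stand-ins for PMB's
backup-log lookup; they are not the project's code.
"""
import sqlite3

# Constructed sample data (hypothetical backup-log table and users table).
SAMPLE_LOGS = [
    (1, "backup_2020-01-01.sql.gz", "admin"),
    (2, "backup_2020-01-02.sql.gz", "admin"),
    (3, "backup_2020-01-03.sql.gz", "librarian"),
]


def make_db():
    """Build an in-memory database with the hypothetical tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sauvegarde_log (logid INTEGER PRIMARY KEY, filename TEXT, owner TEXT)"
    )
    conn.executemany("INSERT INTO sauvegarde_log VALUES (?, ?, ?)", SAMPLE_LOGS)
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-admin-password')")
    return conn


def vulnerable_lookup(conn, logid):
    """The flaw: the request value is pasted into the statement text.

    Whatever the client sends is parsed as SQL, so 'logid' can carry
    'OR 1=1' or a UNION that reads other tables.
    """
    sql = f"SELECT logid, filename, owner FROM sauvegarde_log WHERE logid = {logid}"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, logid):
    """The fix: validate the type, then bind the value as a parameter.

    Input that is not a plain integer is rejected before any SQL is run, and
    the bound value can never change the structure of the statement.
    """
    try:
        logid_int = int(logid)
    except (TypeError, ValueError):
        return []
    sql = "SELECT logid, filename, owner FROM sauvegarde_log WHERE logid = ?"
    return conn.execute(sql, (logid_int,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for payload in ("2", "1 OR 1=1",
                    "0 UNION SELECT 1, username, password_hash FROM users"):
        print(repr(payload))
        print("  vulnerable:", vulnerable_lookup(db, payload))
        print("  hardened:  ", hardened_lookup(db, payload))
```

With the legitimate value "2" both functions return the same single row. With "1 OR 1=1" the vulnerable query returns every backup record, and the UNION payload returns the constructed credential row from the users table while the hardened version returns nothing for either, because int() rejects the input before a query is issued.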
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands against the underlying database. This can lead to extraction of sensitive data, such as user credentials, bibliographic records, and other stored information. The attacker could also modify or delete database content, compromising the integrity and availability of the library management system [4]. What the attacker can reach is bounded by the privileges of the database account PMB connects with, so a deployment that grants that account broad rights amplifies the impact.
Mitigation
According to the vendor, PMB 5.6 is an older release, and the vulnerability has been addressed in later versions. Users are strongly advised to upgrade to the latest stable release of PMB, such as version 8.0.1 or later, which includes security fixes [1]. There is no known workaround other than upgrading. Because exploitation requires an authenticated administrator, limiting who holds administration accounts and monitoring requests to the /admin/ area reduce exposure while an upgrade is scheduled, but they do not remove the flaw.
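As an added detection aid (not part of the CVE record or the PMB project), the following script scans web-server access logs for requests to the endpoint named above whose logid value is not a plain decimal integer. It assumes Apache/nginx combined-format logs and assumes that a legitimate logid is always an integer; the page does not state the parameter's type, so that assumption is marked in the code. The log lines are constructed for the example. This only spots attempts; it is not a substitute for upgrading.

```python
"""Flag non-integer logid values sent to /admin/sauvegarde/download.php.

Added example. Assumes combined-format access logs and that a valid logid is
a decimal integer (assumption; the CVE text does not state the type).
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/admin/sauvegarde/download.php"

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
INTEGER_RE = re.compile(r"^\d+$")  # assumed legitimate shape of logid

# Constructed sample traffic (not real log data).
SAMPLE_LOG = """\
203.0.113.10 - - [19/May/2026:10:00:01 +0000] "GET /admin/sauvegarde/download.php?logid=12 HTTP/1.1" 200 5120
203.0.113.10 - - [19/May/2026:10:00:07 +0000] "GET /admin/sauvegarde/download.php?logid=12%20OR%201%3D1 HTTP/1.1" 200 5120
203.0.113.10 - - [19/May/2026:10:00:09 +0000] "GET /admin/sauvegarde/download.php?logid=0%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 311
198.51.100.7 - - [19/May/2026:10:01:00 +0000] "GET /index.php?lvl=notice_display&id=5 HTTP/1.1" 200 8123
203.0.113.10 - - [19/May/2026:10:01:30 +0000] "GET /admin/sauvegarde/download.php?logid=1%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 5120
"""


def suspicious_requests(log_text):
    """Return (ip, timestamp, decoded logid) for every non-integer logid
    sent to the vulnerable path. Lines that do not parse are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        # parse_qs percent-decodes values, so encoded payloads are inspected
        # in the form the application would actually see.
        for value in parse_qs(parts.query, keep_blank_values=True).get("logid", []):
            if not INTEGER_RE.match(value):
                hits.append((m.group("ip"), m.group("ts"), value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} logid={value!r}")
```

Three of the five constructed lines are flagged: the boolean payload, the UNION payload and the time-based probe, all from the same client. The legitimate logid=12 request and the unrelated /index.php request are ignored. Because the server logs the decoded path only for some configurations, matching is done on the parsed query string rather than on raw substrings, so an encoded quote or space is still caught.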
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: = 5.6
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.