When creating a new customer, the application fails to properly sanitize the email address input. An attacker can easily craft an email address value that contains a SQL query and inject it into the application to obtain access to other customers' data.
An authenticated SQL Injection vulnerability in the payment page (/payment) of Maarch RM 2.8, via the order_total SQL parameter, allows an attacker to view and modify the customer's payment information.
An authenticated SQL Injection vulnerability in the invoice page (/invoice) of Maarch RM 2.8 allows an attacker to view and modify the customer's invoice information.
An authenticated SQL Injection vulnerability in the order details page (/order_details) of Maarch RM 2.8 allows an attacker to view and modify the customer's order information.
An authenticated SQL Injection vulnerability in the order tracking page (/order_tracking) of Maarch RM 2.8 allows an attacker to view and modify the customer's order details.
An authenticated SQL Injection vulnerability in the order status page (/order_status) of Maarch RM 2.8 allows an attacker to view and modify the customer's order details.
An authenticated SQL Injection vulnerability in the account status page (/account_status) of Maarch RM 2.8 allows an attacker to view and modify the customer's account details.
An authenticated SQL Injection vulnerability in the account details page (/account_details) of
Risks and Mitigation Strategies
Steps to Mitigate:
1. Update the application so that every user-supplied input reaches the database through an appropriate placeholder token rather than being spliced into the query text.
2. Validate input data at runtime against a whitelist (or, less preferably, a blacklist) of acceptable values.
3. Use parameterized queries for all SQL statements. For example, the order status lookup should be written as SELECT * FROM order_status WHERE status = ? with the value 'processing' supplied as the bound parameter, rather than built by inserting the value of the ?order_status= request parameter directly into the query text.
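The three steps above, worked through as an added example that is not code from the page or from the Maarch RM project. It assumes an order_status table with a status column (the only names the page gives) plus constructed sample rows and an assumed allow-list of status values, and contrasts the defect class the page describes (the request value spliced into the SQL text) with the allow-list check and the bound-parameter query that close it.

```python
import sqlite3

# Constructed sample data standing in for an order_status table. The table and
# status column names follow the page; the other columns and rows are assumed.
SAMPLE_ROWS = [
    (1, "alice", "processing"),
    (2, "bob", "shipped"),
    (3, "carol", "processing"),
    (4, "dave", "cancelled"),
]

# Assumed allow-list of legitimate status values (step 2).
ALLOWED_STATUS = frozenset({"processing", "shipped", "cancelled"})


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed order_status rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE order_status (id INTEGER, customer TEXT, status TEXT)")
    conn.executemany("INSERT INTO order_status VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def orders_by_status_vulnerable(conn: sqlite3.Connection, status: str) -> list:
    """The defect the page describes: the request value is concatenated into the
    SQL text, so a value containing quotes and operators rewrites the query and
    can return every customer's rows instead of the requested status only."""
    sql = "SELECT id, customer, status FROM order_status WHERE status = '" + status + "'"
    return conn.execute(sql).fetchall()


def orders_by_status_parameterized(conn: sqlite3.Connection, status: str) -> list:
    """Steps 1 and 3: the value travels as a bound parameter (the ? token) and is
    never part of the query text, so it can only ever be compared as a string."""
    return conn.execute(
        "SELECT id, customer, status FROM order_status WHERE status = ?",
        (status,),
    ).fetchall()


def is_allowed_status(status: str) -> bool:
    """Step 2: runtime check against the allow-list."""
    return status in ALLOWED_STATUS


def orders_by_status_safe(conn: sqlite3.Connection, status: str) -> list:
    """Defense in depth: reject anything outside the allow-list, then use the
    parameterized query for whatever passes."""
    if not is_allowed_status(status):
        raise ValueError(f"unexpected status value: {status!r}")
    return orders_by_status_parameterized(conn, status)


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed hostile value for the demonstration
    print(len(orders_by_status_vulnerable(db, "processing")))   # 2
    print(len(orders_by_status_vulnerable(db, crafted)))        # 4: every row leaks
    print(len(orders_by_status_parameterized(db, crafted)))     # 0: no status matches
    print(len(orders_by_status_safe(db, "processing")))         # 2
    try:
        orders_by_status_safe(db, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

The parameterized query alone is enough to stop the query from being rewritten; the allow-list check is kept as a second layer because it also rejects values the business logic never expects, and it yields a clear error that can be logged and alerted on.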
Timeline
Published on: 11/23/2022 00:15:00 UTC
Last modified on: 11/26/2022 03:34:00 UTC