Security
Headlines
HeadlinesLatestCVEs

Headline

DerbyNet 9.0 print/render/racer.inc SQL Injection

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

Packet Storm
#sql#vulnerability#web#git#php#acer#auth

CVE ID: CVE-2024-30923

Description:
An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper sanitization of the where clause in Racer Document Rendering.

Vulnerability Type: SQL Injection

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: print/render/racer.inc

Attack Type: Remote

Impact:

  • Code execution: True
  • Information Disclosure: True

Attack Vectors:
The vulnerability is present in the print/render/racer.inc component of DerbyNet, due to insufficient sanitization of the where parameter within the URL. Attackers can manipulate SQL queries by injecting malicious SQL commands through the where parameter, as demonstrated in the following URL:

  • http://127.0.0.1:8000/render-document.php/award/GoldCupAwardDocument?where=1

This manipulation could lead to unauthorized access to database information and potential code execution on the server hosting the application.

Discoverer: Valentin Lobstein

References:

  • Official website: http://derbynet.com
  • Source code on GitHub: https://github.com/jeffpiazza/derbynet

Packet Storm: Latest News

Red Hat Security Advisory 2024-8690-03