Phenix Multiple Bugs

vendor:

Phenix

by:

ItSecTeam

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Phenix

Affected Version From: 35b

Affected Version To: 35b

Patch Exists: YES

Related CWE: N/A

CPE: a:phenix:phenix

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b. The vulnerability is a SQL Injection vulnerability which can be exploited by sending malicious code in the 'moisEnCours' parameter of the 'agenda_titre.php' page. This can allow an attacker to gain access to sensitive information from the database.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

Dear Sir / Madam
The ItSecTeam has discovered a new Multiple bug in phenix Lastest Version 35b and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic :     Phenix
Bug type : SQL Injection
Author : ItSecTeam
Remote : Yes
Status   : Bug
===================== Content ======================
( # Advisory Content : Phenix
( # Script : http://easy-script.com/scripts-PHP/phenix-35b-5503.html
( # Mail : Bug@ItSecTeam.com
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>
( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>

=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
----------------------------------------------------------------------------------
<BUG>
  $DB_CX->DbQuery("SELECT fet_nom FROM ${PREFIX_TABLE}fetes WHERE fet_mois=***".$moisEnCours."*** AND fet_jour=".intval($jourEnCours));
</Bug>
----------------------------------------------------------------------------------
===========================================================================================
============================================= Exploit 2 =======================================
( * http://localhost/phenix/agenda_titre.php?moisEnCours=Sql Injection Code
-----------------------------------------------------------------------------------
<BUG>
 $DB_CX->DbQuery("SELECT util_nom, util_prenom, util_login, util_interface, util_debut_journee, util_fin_journee, util_telephone_vf, util_planning, util_partage_planning, util_email, util_autorise_affect, util_alert_affect, util_precision_planning, util_semaine_type, util_duree_note, util_rappel_delai, util_rappel_type, util_rappel_email FROM ${PREFIX_TABLE}utilisateur WHERE util_id="***.$idUser***);
</<BUG>>
------------------------------------------------------------------------------------
==========================================================================================