CVE-2023-26020 - SQL injection in search for users and groups in CrafterCMS

1. Vulnerability Properties

Title: SQL injection in search for users and groups in CrafterCMS
CVE ID: CVE-2023-26020
CVSSv3 Base Score: 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor: CrafterCMS
Products: CrafterCMS
Advisory Release Date: 27 Feb 2023
Advisory URL: https://labs.integrity.pt/advisories/CVE-2023-26020
Credits: Discovery by Gil Correia <gil.correia[at]devoteam.com>

2. Vulnerability Summary

There’s an SQLi in /studio/api/2/users and in /studio/api/2/groups, both on the parameter keyword. By applying an boolean based condition, if the condition is true, the response has all the results and if the condition is false the response as obviously no results (testing condition beeing ‘+AND+123=123–+-).

3. Vulnerable Versions

  • 4.0.1

4. Solution

  • Update to the patched versions, 4.0.2 or 3.1.27

5. Vulnerability Timeline

  • 01/08/22 -Vulnerability reported to CrafterCMS via their report email address.
  • 13/09/22 -Vulnerability verified by vendor.
  • 17/02/23 -Vulnerability fixed by vendor.
  • 27/02/23 -Advisory released.

6. References

  • https://www.cve.org/CVERecord?id=CVE-2023-26020

Latest Advisories

Latest Articles

© 2024 INTEGRITY S.A. All rights reserved. | Cookie Policy

Cookie Consent X

Integrity S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.