CVE-2024-31212

SQL injection in index_chart_data action

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available.

InstantCMS es un sistema de gestión de contenidos gratuito y de código abierto. Una vulnerabilidad de inyección SQL afecta a instantcms v2.16.2 en la que un atacante con privilegios administrativos puede hacer que la aplicación ejecute código SQL no autorizado. La vulnerabilidad existe en la acción index_chart_data, que recibe una entrada del usuario y la pasa sin desinfectar a la función `filterFunc` del modelo central que incorpora aún más estos datos en una declaración SQL. Esto permite a los atacantes inyectar código SQL no deseado en la declaración. Se debe utilizar un carácter de escape antes de insertarlo en la consulta. Al momento de la publicación, no hay una versión parcheada disponible.

*Credits: N/A

CVSS Scores

GitHubv3.1 6.7

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-03-29 CVE Reserved
2024-04-04 CVE Published
2024-04-05 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (4)

URL	Tag	Source
https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/controllers/admin/actions/index_chart_data.php#L190	X_refsource_misc
https://github.com/instantsoft/icms2/blob/4691a1524780e74107f6009b48d91e17a81b0fa1/system/core/model.php#L744	X_refsource_misc
https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw	X_refsource_confirm
https://user-images.githubusercontent.com/109034767/300806111-a33d9548-d99f-4034-bef3-fbd7fa62c37f.png	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Instantsoft Search vendor "Instantsoft"		Icms2 Search vendor "Instantsoft" for product "Icms2"				2.16.2 Search vendor "Instantsoft" for product "Icms2" and version "2.16.2"		en		Affected