OpenConf <= 4.11 (author/edit.php) SQL Injection Vulnerability

Description:

OpenConf contains a flaw that may allow an attacker to carry out a blind SQL injection attack. The issue is due to the author/edit.php script not properly sanitizing user-supplied input passed via the ‘pid’ POST parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Successful exploitation of this vulnerability requires at least a record into the paper table and the ‘Edit Submission’ feature to be enabled.

References:

• CVE-2012-1002
• BID-51927
• EDB-18820
• http://www.openconf.com/news/#20120202

Disclosure Date:

May 2, 2012