OpenConf <= 4.11 (author/edit.php) SQL Injection Vulnerability


OpenConf contains a flaw that may allow an attacker to carry out a blind SQL injection attack. The issue is due to the author/edit.php script not properly sanitizing user-supplied input passed via the ‘pid’ POST parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Successful exploitation of this vulnerability requires at least a record into the paper table and the ‘Edit Submission’ feature to be enabled.


Disclosure Date:

May 2, 2012