
Saifor CVMS Hub 1.3.1 Vulnerability – CVE-2018-6792

Tarlogic Advisory: Tarlogic-2018-001
Title: SQL Injection in Saifor CVMS Hub 1.3.1
Discovered by: José Manuel Aparicio – Tarlogic (@jm_aparicio)

Saifor Vulnerability – CVE-2018-6792

Multiple SQL injection vulnerabilities in CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple POST parameters to /cvms-hub/privado/seccionesmib/secciones.xhtml.

The following parameters are prone to SQL injection:

formularioGestionarSecciones:tablaSeccionesMib:j_idt118:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt120:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt122:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt124:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt126:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt128:filter
formularioGestionarSecciones:tablaSeccionesMib:j_idt130:filter

Likewise, SQL injection exists in /cvms-hub/privado/seccionesmib/secciones.xhtml via the GET parameter ‘nombreAgente’.
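
As a compensating control for the parameters listed above, a reverse proxy or request filter can reject values that fall outside an allowlist. The following is an added example, not part of the Tarlogic advisory or the vendor's code; the function name `violations` and the allowlist pattern are assumptions about what legitimate filter values look like.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names as given in the advisory.
ENDPOINT = "/cvms-hub/privado/seccionesmib/secciones.xhtml"
GET_PARAM = "nombreAgente"
# JSF generates the j_idtNNN part, so match any number, not only 118-130.
POST_PARAM = re.compile(
    r"formularioGestionarSecciones:tablaSeccionesMib:j_idt\d+:filter")
# Assumption: legitimate values are short names built from letters, digits,
# spaces, dots, underscores and hyphens. Tune this to the deployment's data.
ALLOWED_VALUE = re.compile(r"[\w .\-]{0,64}")


def violations(method, url, body=""):
    """Return the names of advisory-listed parameters whose decoded value
    falls outside the allowlist. An empty list means nothing to block."""
    parts = urlsplit(url)
    # Drop a ";jsessionid=..." path parameter before comparing the path.
    if unquote(parts.path).split(";", 1)[0] != ENDPOINT:
        return []
    checked = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
               if k == GET_PARAM]
    if method.upper() == "POST":
        checked += [(k, v) for k, v in parse_qsl(body, keep_blank_values=True)
                    if POST_PARAM.fullmatch(k)]
    return [k for k, v in checked if not ALLOWED_VALUE.fullmatch(v)]


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    prefix = "formularioGestionarSecciones%3AtablaSeccionesMib%3A"
    samples = [
        ("GET", ENDPOINT + "?nombreAgente=router-01", ""),
        ("GET", ENDPOINT + ";jsessionid=ABC?nombreAgente=router-01%27", ""),
        ("POST", ENDPOINT, prefix + "j_idt118%3Afilter=sys&"
                           + prefix + "j_idt120%3Afilter=a%27+--"),
    ]
    for method, url, body in samples:
        print(method, url, "->", violations(method, url, body) or "pass")
```

This only narrows what reaches the affected endpoint; the underlying fix remains parameterized queries in the application itself.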

Timeline
--------

21/12/2017 – Vulnerability reported to vendor (No response)
23/01/2018 – Vulnerability reported to vendor (No Response)
06/02/2018 – Full disclosure after 45 days (https://www.cert.org/vulnerability-analysis/vul-disclosure.cfm)
