      request #10162 SqlResult plugin of PHPWiki allows to execute arbitrary SQL query
    Infos
    #10162
    Thomas Gerbet (tgerbet)
    2017-04-28 23:22
    2017-04-19 14:52
    10436
    Details
    SqlResult plugin of PHPWiki allows to execute arbitrary SQL query

    Arbitrary SQL queries can be executed by any user who can edit a PHPWiki page in a project.

    Impact

    An authenticated attacker could execute arbitrary SQL queries.
    CVSSv3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Exploitation

    Create a PHPWiki page and put something like <?plugin SqlResult alias=phpwiki SELECT SLEEP(10) ?> in it. Generation of the page ends with a fatal error after 10 seconds.
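
An audit sketch for the issue described above, added here and not part of the original report or of the project's code: it scans stored wiki page source for SqlResult invocations in the form shown in the report, so an administrator can review which pages used the plugin and with what query. The page names, sample contents, the `pagename`/`page` query and the keyword list are constructed assumptions.

```python
import re

# Matches only the invocation form shown in this report: <?plugin SqlResult ... ?>
PLUGIN_RE = re.compile(r"<\?plugin\s+SqlResult\b(.*?)\?>", re.IGNORECASE | re.DOTALL)
# Leading key=value arguments (e.g. alias=phpwiki); whatever follows is the SQL text.
ARG_RE = re.compile(r"\s*(\w+)=(\"[^\"]*\"|\S+)")
# Heuristic keyword list (assumption): anything beyond a plain read gets flagged.
RISKY_RE = re.compile(
    r"\b(sleep|benchmark|load_file|into\s+outfile|insert|update|delete|drop|alter|grant)\b",
    re.IGNORECASE,
)

def find_sqlresult(page_name, text):
    """Return one finding per SqlResult invocation in a wiki page's source."""
    findings = []
    for m in PLUGIN_RE.finditer(text):
        body, args = m.group(1), {}
        while True:  # peel off leading key=value arguments
            a = ARG_RE.match(body)
            if not a:
                break
            args[a.group(1).lower()] = a.group(2).strip('"')
            body = body[a.end():]
        sql = " ".join(body.split())  # collapse multi-line queries
        findings.append({
            "page": page_name,
            "line": text.count("\n", 0, m.start()) + 1,
            "alias": args.get("alias"),
            "sql": sql,
            "risky": sorted({k.lower() for k in RISKY_RE.findall(sql)}),
        })
    return findings

def audit(pages):
    """Scan a {page name: source text} mapping, in page-name order."""
    return [f for name in sorted(pages) for f in find_sqlresult(name, pages[name])]

# Constructed sample input standing in for an export of wiki page sources.
SAMPLE_PAGES = {
    "HomePage": "Welcome to the project wiki.\n",
    "Stats": "Intro\n<?plugin SqlResult alias=phpwiki SELECT SLEEP(10) ?>\n",
    "Report": "<?plugin SqlResult alias=phpwiki\n  SELECT pagename FROM page\n?>\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGES):
        print(finding)
```

Every finding deserves review, not only those with a non-empty `risky` list, since the report states that any query reaches the database.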

    Doc/Wiki
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2017-04-20
    Attachments
    Empty
    References

    Follow-ups

    Thomas Gerbet (tgerbet)2017-04-19 15:07
    A patch is under review: gerrit #8216.

    • Summary
      -SqlResult plugin of PHPWiki allow to execute arbitrary SQL query 
      +SqlResult plugin of PHPWiki allows to execute arbitrary SQL query 
    • Status changed from Under implementation to Under review