CVE-2017-5346: GeniXCMS SQL injection vulnerability

CVSS Score
7.2 (CVSS 3.0)

Basic Information

EPSS Score
0.7685%
Published
5/14/2022
Updated
4/25/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
genix/cms | composer | < 1.0.0 | 1.0.0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from improper neutralization of the 'id' parameter in backend post operations. The GitHub patch shows multiple instances where $_GET['id'] was used directly in database operations without validation. Key evidence includes:

  1. The commit adds Typo::int($_GET['id']) sanitization in posts.control.php
  2. CWE-89 directly maps to SQL injection via user-controlled parameters
  3. The vulnerability description specifies authenticated admins can exploit via 'id' parameter
  4. Multiple functions (delete/publish/unpublish) showed unsafe $_GET['id'] usage in their pre-patch versions
  5. The patch consistently adds integer validation across these entry points
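
The pattern described above, as an added example that is not GeniXCMS code: a request value concatenated into a DELETE statement, next to a version that validates the value as an integer and binds it. The posts table, the function names and the sample input are constructed for illustration, and post_id() only stands in for the role the page attributes to Typo::int(), whose internals the page does not show.

```php
<?php
// Added example: not GeniXCMS code. Schema, helpers and inputs are constructed.
declare(strict_types=1);

// Strict integer check, standing in for the role the page gives Typo::int().
function post_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Pre-patch pattern: the request value becomes part of the SQL text.
function delete_unsafe(PDO $db, string $raw): int
{
    return $db->exec("DELETE FROM posts WHERE id = $raw");
}

// Hardened pattern: validate at the entry point, then bind as an integer.
function delete_safe(PDO $db, mixed $raw): int
{
    $id = post_id($raw);
    if ($id === null) {
        return 0; // rejected before any statement is built
    }
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Throwaway in-memory database with three constructed rows.
function fresh_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO posts (title) VALUES ('a'), ('b'), ('c')");
    return $db;
}

$crafted = '1 OR 1=1'; // constructed stand-in for a non-integer $_GET['id']

printf("unsafe, crafted id: %d row(s) deleted\n", delete_unsafe(fresh_db(), $crafted));
printf("safe, crafted id:   %d row(s) deleted\n", delete_safe(fresh_db(), $crafted));
printf("safe, id=2:         %d row(s) deleted\n", delete_safe(fresh_db(), '2'));
```

The integer check and the bound parameter are independent controls; keeping both means a missed validation call at one entry point does not reopen the query to string input.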

WAF Protection Rules

WAF Rule

SQL injection vulnerability in `inc/lib/Control/Backend/posts.control.php` in GeniXCMS *.*.* allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.