Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order ensure they are addressed. In order better protect our customers, Talos has also developed Snort rules that detect attempts to exploit these vulnerabilities.
TALOS-2017-0313 (CVE-2016-9048) ProcessMaker Enterprise Core Multiple SQL Injection Vulnerabilities
TALOS-2017-0313 was identified by Jerzy Kramarz of Portcullis.
TALOS-2017-0313 encompasses multiple SQL injection vulnerabilities in ProcessMarker Enterprise Core 22.214.171.124-community. These vulnerabilities manifest as a result of improperly sanitizing input received in web requests. An attacker who transmits a specifically crafted web request to an affected server with parameters containing SQL injection attacks could trigger this vulnerability. This could allow exfiltration of the database information, user credentials, and in certain configuration access the underlying operating system.