
Authenticated SQL Injection in show_groups_popup.php

Open prodigysml opened this issue 6 years ago • 11 comments

The Issue

SQL injections are vulnerabilities in which the developer overly trusts user-controlled input. This allows an attacker to perform malicious queries upon the database, which can lead to compromise of all data within the database and call into question the integrity of the data.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet shows the SQL query being created with a tainted variable: https://github.com/LibreHealthIO/lh-ehr/blob/cacaa71dca75c3bf53cdce506fbb62e8b0593f76/interface/super/show_groups_popup.php#L51-L52

The following code snippet shows the above-mentioned SQL query being executed: https://github.com/LibreHealthIO/lh-ehr/blob/cacaa71dca75c3bf53cdce506fbb62e8b0593f76/interface/super/show_groups_popup.php#L53

prodigysml avatar Jul 23 '18 12:07 prodigysml

SQL binding is needed there.

teryhill avatar Jul 24 '18 02:07 teryhill
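
The binding this comment calls for, as an added example that is not part of the thread and is not LibreHealth EHR's own code. It assumes PHP's PDO with an in-memory SQLite database; the table, columns, function names and inputs are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for the rows such a popup would list.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE layout_groups (form_id TEXT, group_name TEXT)");
$pdo->exec("INSERT INTO layout_groups VALUES
    ('DEM', 'Who'), ('DEM', 'Contact'), ('HIS', 'General')");

// "Before": the request value is pasted into the SQL text, so the database
// parses it as part of the statement (the pattern the issue reports).
function groupsConcatenated(PDO $pdo, string $formId): array
{
    $sql = "SELECT DISTINCT group_name FROM layout_groups "
         . "WHERE form_id = '$formId' ORDER BY group_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the SQL text is fixed at prepare time; the value is sent
// separately as a bound parameter and can only ever be compared as data.
function groupsBound(PDO $pdo, string $formId): array
{
    $stmt = $pdo->prepare(
        "SELECT DISTINCT group_name FROM layout_groups "
        . "WHERE form_id = ? ORDER BY group_name"
    );
    $stmt->execute([$formId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary id and one that contains a quote character.
foreach (['DEM', "DE'M"] as $input) {
    try {
        $concat = json_encode(groupsConcatenated($pdo, $input));
    } catch (PDOException $e) {
        // The quote closed the string literal early, so the input altered
        // the structure of the statement instead of being matched as a value.
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $bound = json_encode(groupsBound($pdo, $input));
    printf("input=%s\n  concatenated: %s\n  bound:        %s\n",
        var_export($input, true), $concat, $bound);
}
```

For the ordinary id both functions return the same rows; for the input containing a quote, the concatenated query fails to parse while the bound query simply matches nothing.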

Hello @tmccormi can I work on this Issue?

prondubuisi avatar Nov 07 '18 03:11 prondubuisi

By all means.

Tony McCormick Medical Information Integration


tmccormi avatar Nov 07 '18 05:11 tmccormi

@prondubuisi Shall I send you a project invitation so I can assign you to this?

aethelwulffe avatar Jan 22 '19 22:01 aethelwulffe

Yes @aethelwulffe

prondubuisi avatar Jan 23 '19 12:01 prondubuisi

@prondubuisi I have added you as a read-collaborator. Pick up your invite. @teryhill look at all our permissions. I amped up write access for a couple more of our collaborators that have been contributing for over a year, and have been helping with review or other tasks outside of a GSOC type program setting.

aethelwulffe avatar Jan 23 '19 16:01 aethelwulffe

Hi :) Note that it appears CVE-2018-1000650 was assigned to this issue. I'm assuming this was fixed in 5faa99e?

NicoleG25 avatar Jan 08 '20 13:01 NicoleG25

Hello @NicoleG25, this is fixed already. Looks like you are interested in security; I would be very happy to have a chat. What is this all about, CVE-2018-1000650?

prondubuisi avatar Jan 08 '20 15:01 prondubuisi

@muarachmann can we close this?

prondubuisi avatar Jan 08 '20 15:01 prondubuisi

> Hello @NicoleG25, this is fixed already. Looks like you are interested in security; I would be very happy to have a chat. What is this all about, CVE-2018-1000650?

Gladly, I'll email you privately :) Cheers!

NicoleG25 avatar Jan 09 '20 06:01 NicoleG25

Hello @muarachmann, can this issue be closed since it is fixed already? I am looking at picking up more security-related issues in the coming days!

prondubuisi avatar May 09 '20 03:05 prondubuisi