CVE-2024-7188 Scanner
CVE-2024-7188 scanner - SQL Injection vulnerability in Bylancer Quicklancer
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 672 sec
Scan only one: Domain, IPv4
Toolbox: -
Bylancer Quicklancer is a PHP-based freelance marketplace script that allows users to create platforms for hiring freelancers. It is used by individuals and companies to post jobs, manage freelancers, and handle payments. The software is popular for building customized freelance platforms. Quicklancer integrates various features such as job posting, bidding, and escrow services. It is especially favored by those looking for an affordable and customizable solution for freelance marketplaces.
The vulnerability exists in the "range2" parameter within the Quicklancer platform, allowing an attacker to perform SQL injection. This vulnerability can be exploited without authentication, making it particularly dangerous. The attack vector involves injecting SQL queries into the database through a manipulated HTTP request. As a result, an attacker could gain unauthorized access to sensitive data or disrupt database operations.
The vulnerable endpoint in Quicklancer is the GET request to the /listing page, specifically targeting the "range2" parameter. The vulnerability allows for both time-based and boolean-based blind SQL injection. By manipulating this parameter, an attacker can execute arbitrary SQL commands, potentially extracting sensitive information or altering the database's content. The attack can be carried out remotely by an unauthenticated user, making it a high-risk issue.
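A defender-side check for the request pattern described above, as an added example that is not part of the original page or of Quicklancer's code: it scans web-server access logs for GET /listing requests whose range2 value is not a plain number. The combined log format, the assumption that legitimate range2 values are numeric, and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: range2 is a numeric filter bound, so legitimate values are plain numbers.
NUMERIC = re.compile(r"\d{1,9}(\.\d{1,2})?")

# Request portion of an Apache/nginx "combined" access-log line.
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Aug/2024:10:00:01 +0000] "GET /listing?range1=10&range2=500 HTTP/1.1" 200 5120
203.0.113.10 - - [01/Aug/2024:10:00:03 +0000] "GET /listing?range2=250.50 HTTP/1.1" 200 4980
198.51.100.7 - - [01/Aug/2024:10:00:05 +0000] "GET /listing?range1=10&range2=500%27 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Aug/2024:10:00:09 +0000] "GET /listing?range2=100&range2=1%20%28x%29 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Aug/2024:10:00:12 +0000] "GET /search?range2=abc HTTP/1.1" 404 310
"""


def suspicious_range2(log_text):
    """Return (client_ip, timestamp, decoded_value) for each non-numeric range2 on GET /listing."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != "/listing":
            continue
        # parse_qs percent-decodes values, returns every occurrence of a
        # repeated parameter, and drops blank values (treated as benign here).
        for value in parse_qs(url.query).get("range2", []):
            if not NUMERIC.fullmatch(value):
                findings.append((m["ip"], m["ts"], value))
    return findings


if __name__ == "__main__":
    for ip, ts, value in suspicious_range2(SAMPLE_LOG):
        print(f"{ts} {ip} range2={value!r}")
```

A hit is a lead for investigation rather than proof of compromise; the same numeric allowlist can also be enforced in front of the application while a vendor fix is pending.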
If exploited, this vulnerability could lead to unauthorized data access, data leakage, or database corruption. An attacker could potentially retrieve user credentials, financial information, or other sensitive data. Additionally, the attacker might be able to alter or delete important data, leading to loss of service or integrity. This could severely impact the platform's operation, user trust, and overall security.