Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities

Title: Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities
Advisory ID: ZSL-2015-5272
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 22.10.2015
Summary
Realtyna CRM (Client Relationship Management) Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Leads to Clients.
Description
Realtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Vendor
Realtyna LLC - https://www.realtyna.com
Affected Version
8.9.2
Tested On
Apache
PHP/5.4.38
Vendor Status
[05.10.2015] Vulnerability discovered.
[06.10.2015] CVE-2015-7714 and CVE-2015-7715 assigned.
[07.10.2015] Contact with the vendor.
[07.10.2015] Vendor responded asking for details.
[07.10.2015] Advisory and details sent to the vendor.
[08.10.2015] Vendor confirms the vulnerability scheduling patch release date.
[21.10.2015] Vendor releases version 8.9.5 to address these issues.
[22.10.2015] Coordinated public security advisory released.
PoC
realtyna_sqli.txt
Credits
Vulnerability discovered by Bikramaditya Guha - <bik@zeroscience.mk>
High five to lqwrm and crash!
References
[1] http://rpl.realtyna.com/Change-Logs/RPL7-Changelog
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7714
[3] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7714
[4] https://cxsecurity.com/issue/WLB-2015100147
[5] https://www.exploit-db.com/exploits/38527/
[6] https://packetstormsecurity.com/files/134066
[7] https://exchange.xforce.ibmcloud.com/vulnerabilities/107582
Changelog
[22.10.2015] - Initial release
[24.10.2015] - Added reference [4], [5] and [6]
[31.10.2015] - Added reference [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk