A blind SQL injection vulnerability in the search forms of TeamMate+ Audit allows any authenticated user to inject SQL, which can result in complete database compromise, disclosure of information about other users, unauthorized access to audit data, etc.
The application contains multiple search inputs that suffer from the blind SQL injection vulnerability; the list (which might not be complete) follows:
The mentioned inputs can be used to insert SQL conditions that evaluate to either true or false, and the HTTP response status code can be used as an oracle:
A true SQL condition in the search input (for example ' OR 1=1 -- ) causes the webpage to return status code 500 in the response.
A false SQL condition in the search input (for example ' OR 1=2 -- ) causes the webpage to return status code 200 in the response.
This principle can be used to gradually extract secrets from the database; for example, if the database name starts with A, the following query will be true: ' OR db_name() LIKE 'A%' -- . Tools like SQLmap can automate this process.
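As an added example (not part of the advisory or the vendor's code), the following log-side check flags clients whose search requests carry injection-shaped values and whose responses alternate between 200 and 500, which is the status-code oracle pattern described above. The endpoint path /TeamMate/Search, the parameter name q and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (client, method, path+query, status); not real data.
# Endpoint path and parameter name are assumptions, not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 GET /TeamMate/Search?q=quarterly+audit 200
10.0.0.9 GET /TeamMate/Search?q=%27+OR+1%3D1+--+ 500
10.0.0.9 GET /TeamMate/Search?q=%27+OR+1%3D2+--+ 200
10.0.0.9 GET /TeamMate/Search?q=%27+OR+db_name%28%29+LIKE+%27A%25%27+--+ 500
10.0.0.9 GET /TeamMate/Search?q=%27+OR+db_name%28%29+LIKE+%27B%25%27+--+ 200
10.0.0.5 GET /TeamMate/Search?q=O%27Brien 200
"""

# A quote that closes the string literal followed by OR/AND, or a trailing SQL
# comment: the shape of the boolean probes shown in the advisory. A plain
# apostrophe inside a name (O'Brien) does not match.
PROBE_RE = re.compile(r"'\s*(?:or|and)\b|--\s*$", re.IGNORECASE)
LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$")

def parse_line(line):
    """Parse one log line into (client, path, params, status), or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    params = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    return m.group("client"), parts.path, params, int(m.group("status"))

def is_probe(params, search_params=("q",)):
    """True if any watched search parameter carries an injection-shaped value."""
    return any(PROBE_RE.search(v) for name in search_params for v in params.get(name, []))

def find_blind_sqli_clients(log_text, search_path, min_probes=2):
    """Return clients that sent several probe-shaped searches to search_path and
    received both 200 and 500 for them, i.e. the oracle behaviour in the advisory."""
    stats = defaultdict(lambda: {"probes": 0, "statuses": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, path, params, status = parsed
        if path != search_path or not is_probe(params):
            continue
        stats[client]["probes"] += 1
        stats[client]["statuses"].add(status)
    return sorted(c for c, s in stats.items()
                  if s["probes"] >= min_probes and {200, 500} <= s["statuses"])

if __name__ == "__main__":
    print(find_blind_sqli_clients(SAMPLE_LOG, "/TeamMate/Search"))
```

A single 500 on a search is normal noise; the combination of probe-shaped input and mixed 200/500 responses from one client is what distinguishes oracle-driven extraction.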
Update your TeamMate+ application to version 33.0.31.0 or newer.