Nceas · Metacat · CVE-2026-48114
**Name of the Vulnerable Software and Affected Versions**
Metacat versions 2.0.0 through 2.x
**Description**
Metacat contains an unauthenticated SQL injection in the `/harvesterRegistration` endpoint. The `dbInsert()` function in `HarvesterRegistration` constructs an INSERT statement for the HARVEST SITE SCHEDULE table using string concatenation. It uses a `quoteString()` helper that wraps input in single quotes without proper escaping. The vulnerable parameters are `unit`, `contactEmail`, and `documentListURL`. Because the servlet fails to verify LDAP identity and the PostgreSQL backend allows stacked queries via `executeUpdate()`, an attacker can gain full read, write, and execute access within the database context.
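The following is an added illustration of the pattern described above and its parameterised replacement; it is not Metacat's code, and the class, table and column names are assumptions chosen for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Illustrative reconstruction of the flaw described in the advisory (not Metacat's own code).
// Table and column names below are assumptions.
public class HarvesterRegistrationExample {

    // Helper as described: wraps the value in single quotes but does not escape
    // embedded quotes, so any value containing ' terminates the literal early.
    static String quoteString(String s) {
        return "'" + s + "'";
    }

    // Vulnerable pattern: the statement text is assembled from request parameters.
    static String buildInsertUnsafe(String unit, String contactEmail, String documentListURL) {
        return "INSERT INTO harvest_site_schedule (unit, contact_email, document_list_url) VALUES ("
            + quoteString(unit) + ", " + quoteString(contactEmail) + ", "
            + quoteString(documentListURL) + ")";
    }

    // Hardened form: a PreparedStatement sends the values separately from the SQL text,
    // so quotes in the data cannot alter the statement and no second statement can be
    // appended. Note that this fixes only the injection; the servlet must still verify
    // the caller's identity before reaching this point.
    static int insertSafe(Connection conn, String unit, String contactEmail, String documentListURL)
            throws SQLException {
        String sql = "INSERT INTO harvest_site_schedule (unit, contact_email, document_list_url) "
                   + "VALUES (?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, unit);
            ps.setString(2, contactEmail);
            ps.setString(3, documentListURL);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // An ordinary value with an apostrophe (constructed sample input) is enough to show
        // the defect: the naive quoting produces a malformed, data-controlled statement.
        System.out.println(buildInsertUnsafe("O'Brien Lab", "admin@example.org",
                                             "https://example.org/documents"));
    }
}
```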
**Recommendations**
Update to version 3.0.0.
As a temporary workaround, restrict access to the `/harvesterRegistration` endpoint to minimize the risk of exploitation.