Unrated severity · NVD Advisory · Published May 12, 2022 · Updated Aug 3, 2024

CVE-2022-29750

Description

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Simple Client Management System 1.0 has a SQL injection in the delete_service endpoint via the id parameter, enabling database information disclosure.

Vulnerability

Simple Client Management System version 1.0 is vulnerable to SQL injection in the /cms/classes/Master.php?f=delete_service endpoint. The id parameter is directly concatenated into SQL queries without sanitization, allowing an attacker to inject arbitrary SQL statements. This affects all installations of version 1.0 as provided by Sourcecodester [1].

Exploitation

An attacker can exploit this vulnerability by sending a POST request to /cms/classes/Master.php?f=delete_service with a crafted id parameter. The provided proof-of-concept uses an error-based technique with the updatexml() function to extract database information. The attack requires no special privileges beyond a valid session cookie, as demonstrated in the reference [1].

Impact

Successful exploitation allows an attacker to retrieve sensitive data from the database, such as database names, table structures, and potentially user credentials. The impact is primarily information disclosure, which could lead to further compromise of the application [1].

Mitigation

As of the publication date, no official patch or updated version has been released by the vendor. Users should apply input validation and parameterized queries to mitigate the vulnerability. Until a fix is available, restricting network access to the application and monitoring for suspicious requests are recommended [1].
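
The mitigation above, shown as an added example (not code from Simple Client Management System or from the referenced report): a delete handler that concatenates id next to one that validates and binds it, returning only a generic error so that database messages, which error-based extraction depends on, never reach the client. The function names, the service_list table and the in-memory SQLite database (standing in for the application's MySQL backend) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed fixture: in-memory SQLite stands in for the application's database.
// The table name service_list is hypothetical.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE service_list (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO service_list (name) VALUES ('a'), ('b'), ('c')");
    return $db;
}

// Pattern the advisory describes: id is concatenated into the statement text,
// so the database parses whatever the client sent as SQL.
function delete_service_concat(PDO $db, string $id): int {
    return (int) $db->exec('DELETE FROM service_list WHERE id = ' . $id);
}

// Hardened form: validate the type, bind the value, keep DB errors server-side.
function delete_service_bound(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }
    try {
        $stmt = $db->prepare('DELETE FROM service_list WHERE id = :id');
        $stmt->bindValue(':id', $n, PDO::PARAM_INT);
        $stmt->execute();
        return ['status' => 'success', 'deleted' => $stmt->rowCount()];
    } catch (PDOException $e) {
        error_log('delete_service: ' . $e->getMessage()); // server log only
        return ['status' => 'failed', 'error' => 'internal error'];
    }
}

$input = '1 OR 1=1'; // constructed non-integer value for the id parameter

// Concatenated form: the condition is rewritten and every row is removed.
$db = make_db();
printf("concat: %d rows deleted\n", delete_service_concat($db, $input));

// Bound form: the same value is rejected; a valid id removes exactly one row.
$db = make_db();
echo json_encode(delete_service_bound($db, $input)), "\n";
echo json_encode(delete_service_bound($db, '2')), "\n";
```

The script needs the pdo_sqlite extension; against MySQL the same prepare/bind pattern applies with a MySQL PDO DSN or mysqli prepared statements.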

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
