CVE-2022-29982
Description
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Simple Client Management System 1.0 is vulnerable to SQL injection via the id parameter in /cms/admin/maintenance/manage_service.php, allowing attackers to extract database information.
Vulnerability
A SQL injection vulnerability exists in Simple Client Management System 1.0, specifically in the /cms/admin/maintenance/manage_service.php script. The id parameter is not properly sanitized before being used in a SQL query, allowing an attacker to inject arbitrary SQL commands. The vulnerability is present in version 1.0 as provided on SourceCodester [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP GET request to the vulnerable endpoint with a malicious id parameter. The proof-of-concept payload uses a boolean-based blind SQL injection technique to determine the database name length [1]. While the request appears to require an authenticated session (as indicated by the PHPSESSID cookie), the injection itself can be carried out by any authenticated user who can access the maintenance module.
Impact
Successful exploitation allows an attacker to extract sensitive information from the database, such as the database name and potentially other data like user credentials or client records. This could lead to further compromise of the application and underlying data [1].
Mitigation
No official fix or updated version has been released by the vendor as of the publication date. The recommended mitigation is to implement parameterized queries or prepared statements to prevent SQL injection. Application owners should also ensure that user input is properly validated and sanitized. Until a patch is available, access to the management interface should be restricted to trusted users only.
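The parameterized-query mitigation described above, as an added example (not code from the vendor or from Simple Client Management System itself). The function name fetch_service, the table service_list and its columns are hypothetical, and an in-memory SQLite database stands in for the application's real database so the snippet runs offline.

```php
<?php
// Added example: hardened lookup for the `id` request parameter.
// Assumptions: fetch_service(), table `service_list` and its columns are
// hypothetical; SQLite in memory replaces the application's real database.
declare(strict_types=1);

function fetch_service(PDO $db, $rawId): ?array
{
    // Allow only a positive integer; anything else never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The SQL text is constant; the value travels separately as a typed parameter.
    $stmt = $db->prepare('SELECT id, name, description FROM service_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE service_list (id INTEGER PRIMARY KEY, name TEXT, description TEXT)');
$db->exec("INSERT INTO service_list (name, description) VALUES ('Hosting', 'Constructed sample row')");

// Constructed inputs: a valid id, an unknown id, and values that are not plain integers.
$inputs = ['1', '2', '1 AND 1=1', '-5', ''];
foreach ($inputs as $raw) {
    $row = fetch_service($db, $raw);
    printf("%-14s => %s\n", var_export($raw, true), $row === null ? 'rejected or not found' : $row['name']);
}
```

Only the first input returns a row; the second is a valid integer with no matching record, and the rest fail validation before any query is prepared.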
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Simple Client Management System/Simple Client Management System
- Range: 1.0
Patches
No patches discovered yet.
References