CVE-2022-30415
Description
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Covid-19 Travel Pass Management System v1.0 via the id parameter of update_status.php, which is reachable without authentication.
Vulnerability
The Covid-19 Travel Pass Management System v1.0 by oretnom23 is vulnerable to SQL injection in the file /ctpms/admin/applications/update_status.php. The id parameter is directly concatenated into a SQL query without sanitization, allowing an attacker to inject arbitrary SQL code. The application is available from SourceCodester [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted GET request to /ctpms/admin/applications/update_status.php?id= with a malicious SQL payload. No authentication is required; the vulnerable endpoint is accessible without a valid session. For example, the payload /?id=1%27%20and%20length(database())%20=%208--+ reveals database information through differences in response length [1].
Impact
Successful exploitation allows an attacker to extract sensitive data from the database, including credentials and travel pass information. The SQL injection can lead to full disclosure of the underlying database contents (confidentiality breach) and potentially allow for further attacks such as data manipulation or access to administrative functions [1].
Mitigation
No official fix has been released for CVE-2022-30415 as of the publication date. The vendor has not provided a patched version. Users should restrict access to the admin directory and implement input validation and parameterized queries. The application is not listed in CISA's Known Exploited Vulnerabilities catalog as of now.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
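The mitigation above names three controls: restrict access to the endpoint, validate the id input, and use parameterized queries. The following is an added example of all three, not the application's own code. The table `applications`, its columns, the session key `admin_id` and the function names are assumptions, and an in-memory SQLite database stands in for the application's database so the script runs offline (PHP 8 with pdo_sqlite).

```php
<?php
// Added example, not the application's code. Assumptions: table `applications`
// with columns `id` and `status`, session key `admin_id`; SQLite in memory
// stands in for the application's database so the script runs offline.
declare(strict_types=1);

// Vulnerable pattern the advisory describes (id concatenated into the query):
//   $conn->query("SELECT * FROM applications WHERE id = '" . $_GET['id'] . "'");

function parse_id(mixed $raw): ?int
{
    // Accept only a positive integer; anything else is rejected, not cleaned up.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_status(PDO $db, array $session, mixed $rawId): array
{
    if (empty($session['admin_id'])) {
        return [403, 'Forbidden'];   // the endpoint must not answer without a session
    }
    $id = parse_id($rawId);
    if ($id === null) {
        return [400, 'Invalid id'];
    }
    // The value is bound as a typed parameter and never becomes query text.
    $stmt = $db->prepare('SELECT status FROM applications WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $status = $stmt->fetchColumn();
    return $status === false ? [404, 'Not found'] : [200, (string) $status];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO applications VALUES (1, 'pending'), (2, 'approved')");

// Constructed requests: valid, no session, tampered id, unknown id.
$admin = ['admin_id' => 7];
$cases = [[$admin, '2'], [[], '2'], [$admin, "1' and 1=1-- "], [$admin, '99']];
foreach ($cases as [$session, $rawId]) {
    [$code, $body] = find_status($db, $session, $rawId);
    printf("%-18s session=%-3s -> %d %s\n", json_encode($rawId), $session ? 'yes' : 'no', $code, $body);
}
```

The integer check and the bound parameter are independent layers: if validation were loosened later, the prepared statement would still keep the id value out of the SQL text.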
Affected products
- Covid-19 Travel Pass Management System/Covid-19 Travel Pass Management System
- Range: <=1.0
Patches
No patches discovered yet.
References