VYPR
Critical severity · NVD Advisory · Published Aug 16, 2022 · Updated Aug 3, 2024

CVE-2022-36599

Description

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mingsoft MCMS 5.2.8 has a SQL injection vulnerability in the /mdiy/model/delete endpoint via the models parameter.

Vulnerability

Description

Mingsoft MCMS version 5.2.8 is vulnerable to SQL injection in the /mdiy/model/delete URI. The models parameter passed to this endpoint is not properly sanitized, allowing an attacker to inject arbitrary SQL commands. This flaw arises from insufficient input validation, a common root cause in web applications that directly concatenate user-supplied data into SQL queries [1][3].

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the /mdiy/model/delete endpoint with malicious input in the models parameter. No authentication is required, as the endpoint appears to be publicly accessible. The attack can be executed remotely over the network, making it particularly dangerous for exposed installations [1][3].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands on the database backend. This can lead to data exfiltration, modification, or deletion, potentially compromising the integrity and confidentiality of the entire application's data. In the worst case, it may lead to full database server compromise [1][3].

Mitigation

As of the publication date, no patch has been released. Users are advised to apply input validation and parameterized queries to mitigate the vulnerability. The vendor's repository and issue tracker provide additional context [2][3].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: net.mingsoft:ms-mcms (Maven)
Affected versions: <= 5.2.8
Patched versions: none listed

Affected products: 2

Patches: 0

No patches discovered yet.

References: 3
