VYPR
Unrated severity · NVD Advisory · Published Apr 3, 2023 · Updated Feb 14, 2025

CVE-2022-38923

Description

BluePage CMS through v3.9 processes an insufficiently sanitized HTTP header, allowing MySQL injection in the 'User-Agent' field using a time-based blind SLEEP payload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

BluePage CMS through v3.9 suffers from a time-based blind SQL injection via an unsanitized User-Agent HTTP header, allowing data extraction by an unauthenticated attacker.

Vulnerability

BluePage CMS through version 3.9 does not sanitize the User-Agent HTTP header before using it in a database query. This allows an attacker to inject malicious SQL code, specifically a time-based blind payload using the SLEEP function. The vulnerability exists in how the CMS processes HTTP headers.

Exploitation

An attacker can send an HTTP request whose User-Agent string carries a SQL injection payload, such as ' OR SLEEP(5)--. No authentication is required; the attacker only needs to send the request to the vulnerable CMS endpoint. The time-based blind technique lets the attacker infer boolean answers from the delay in the server's response.

Impact

Successful exploitation can lead to unauthorized retrieval of database contents, including sensitive information such as user credentials, session data, or other stored data. The attacker can extract data character by character using time delays.

Mitigation

As of the publication date, no official patch or mitigation has been released. The vendor, BluePage CMS, has not provided a fix for this vulnerability. Users are advised to monitor for updates and consider implementing input validation on the User-Agent header as a workaround. The affected versions are through v3.9.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
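With no patch available, access logs are the practical place to watch for this issue. The sketch below is an added example, not code from BluePage CMS or the advisory: it flags requests whose User-Agent contains a MySQL delay function (SLEEP, plus BENCHMARK as a generalization) and uses the response time to separate blocked attempts from payloads the database likely evaluated. The log format (combined format with a trailing request-duration field in seconds) and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines: combined log format plus a trailing
# request-duration field in seconds (an assumed log configuration).
SAMPLE_LOG = '''\
203.0.113.7 - - [03/Apr/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/111.0" 0.042
203.0.113.9 - - [03/Apr/2023:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "' OR SLEEP(5)--" 5.048
203.0.113.9 - - [03/Apr/2023:10:00:12 +0000] "GET / HTTP/1.1" 403 162 "-" "' OR SLEEP(5)--" 0.003
198.51.100.4 - - [03/Apr/2023:10:00:20 +0000] "GET /sleep-tips HTTP/1.1" 200 900 "-" "curl/8.0.1" 0.015
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>.*)" (?P<secs>\d+(?:\.\d+)?)$'
)
# MySQL delay primitives followed by an opening parenthesis.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.IGNORECASE)


def classify(line, min_delay=1.0):
    """Return a finding dict if the User-Agent holds a delay call, else None."""
    m = LINE_RE.match(line)
    if not m or not DELAY_RE.search(m['ua']):
        return None
    secs = float(m['secs'])
    # A delay function in the header is an attempt; a correspondingly slow
    # response suggests the database actually evaluated it.
    verdict = 'likely-executed' if secs >= min_delay else 'attempt'
    return {'ip': m['ip'], 'ts': m['ts'], 'status': int(m['status']),
            'seconds': secs, 'verdict': verdict}


def scan(log_text, min_delay=1.0):
    """Classify every line and keep only the findings."""
    results = (classify(line, min_delay) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the User-Agent field is inspected, so the request for /sleep-tips in the sample is not flagged.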

Affected products: 2

Patches: 0. No patches discovered yet.
