VYPR
Unrated severity · NVD Advisory · Published Feb 17, 2023 · Updated Mar 18, 2025

CVE-2022-40347

Description

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Intern Record System 1.0 allows unauthenticated attackers to execute arbitrary SQL against the backing database and, under additional conditions, gain code execution via /intern/controller.php.

Vulnerability

Intern Record System version 1.0 is vulnerable to SQL injection in the /intern/controller.php endpoint through the phone, email, deptType, and name parameters [1]. The application splices these user-supplied values directly into SQL statements instead of binding them as parameters, so quotes and SQL keywords in a request become part of the executed query. The vulnerability is present in the POST request handling and does not require authentication.

Exploitation

An unauthenticated attacker can exploit this by sending a crafted POST request to /intern/controller.php with an injection payload in any of the vulnerable parameters. For example, pointing sqlmap at the endpoint with the --data option holding the POST body and -p selecting deptType or email automates the extraction of data from the department database [1]. The PoC demonstrates that the attack is straightforward and does not require any special privileges.

Impact

Successful exploitation allows the attacker to read, modify, or delete database contents, including any personal data held in the intern records. The description further states that arbitrary code execution is possible [1]. SQL injection alone yields arbitrary SQL, not arbitrary code; turning it into code execution needs extra conditions, for example a MySQL account with the FILE privilege, a secure_file_priv setting that does not block the target directory, and a writable path inside the web root so that SELECT ... INTO OUTFILE can drop a PHP web shell. Where those hold, the result is full compromise of the application and the underlying server.

Mitigation

No official patch or updated version has been released by the vendor as of the publication date [1]. The application appears to be a static project from code-projects.org and may no longer be maintained. Developers should rewrite every query in controller.php to use prepared statements with bound parameters (PDO or mysqli in PHP) rather than string concatenation, and should run the application against a database account without the FILE privilege so that a residual injection cannot write to the filesystem. Until a fix is available, the application should not be exposed to untrusted networks.
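The injection described under Exploitation and the prepared-statement fix recommended under Mitigation, shown side by side as an added example. This is not code from Intern Record System or from this advisory's references: it is a Python/SQLite stand-in for the PHP controller, with an assumed intern table built from the four parameters the advisory names and a constructed admin_user table standing in for the sensitive data an attacker would target. Table names, rows and payload strings are all constructed for illustration.

```python
import sqlite3

# Constructed sample rows mirroring the four injectable parameters the advisory
# names (name, email, phone, deptType). Schema and data are assumptions for this
# example, not the project's real database.
SAMPLE_INTERNS = [
    ("Alice Example", "alice@example.test", "555-0100", "IT"),
    ("Bob Example", "bob@example.test", "555-0101", "HR"),
    ("Carol Example", "carol@example.test", "555-0102", "IT"),
]

# Two payloads an attacker could place in the deptType field of the POST body.
BOOLEAN_BYPASS = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username, password_hash, 'x' FROM admin_user--"


def make_db():
    """Build an in-memory database: the intern table plus a constructed
    admin_user table that stands in for the sensitive data a UNION reaches."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE intern (id INTEGER PRIMARY KEY, name TEXT, email TEXT, "
        "phone TEXT, deptType TEXT)"
    )
    conn.executemany(
        "INSERT INTO intern (name, email, phone, deptType) VALUES (?, ?, ?, ?)",
        SAMPLE_INTERNS,
    )
    conn.execute(
        "CREATE TABLE admin_user (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO admin_user (username, password_hash) "
        "VALUES ('admin', 'constructed-hash')"
    )
    return conn


def lookup_vulnerable(conn, dept_type):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so quotes and keywords in it become part of the statement. This reproduces
    the bug class the advisory describes, not the real controller.php source."""
    sql = f"SELECT name, email, phone FROM intern WHERE deptType = '{dept_type}'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, dept_type):
    """Hardened form: the value is bound as a parameter and can only ever be
    compared against deptType, never parsed as SQL."""
    sql = "SELECT name, email, phone FROM intern WHERE deptType = ?"
    return conn.execute(sql, (dept_type,)).fetchall()


def compare(dept_type):
    """Run both lookups on the same input and return (vulnerable, fixed) rows."""
    conn = make_db()
    return lookup_vulnerable(conn, dept_type), lookup_fixed(conn, dept_type)


if __name__ == "__main__":
    cases = [("legit", "IT"), ("boolean", BOOLEAN_BYPASS), ("union", UNION_DUMP)]
    for label, value in cases:
        vuln, fixed = compare(value)
        print(f"{label:8s} vulnerable -> {len(vuln)} rows: {vuln}")
        print(f"{label:8s} fixed      -> {len(fixed)} rows: {fixed}")
```

The boolean payload turns the WHERE clause into a tautology and returns every intern; the UNION payload appends a second SELECT over a table the original query never referenced, which is the mechanism sqlmap automates when pointed at deptType or email. The hardened lookup returns nothing for both payloads because the quote and keywords arrive as data inside the bound parameter. Against the MySQL backend the application actually uses, the fix is the same shape: PDO or mysqli prepared statements with bound parameters, and no string concatenation of request values into SQL.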

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (none discovered yet)


References: 3
