VYPR
Unrated severity · NVD Advisory · Published Oct 6, 2022 · Updated Aug 3, 2024

CVE-2022-42243

Description

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Simple Cold Storage Management System v1.0 allows authenticated attackers to extract database contents via the id parameter in manage_storage.php.

Vulnerability

The vulnerability resides in /csms/admin/storages/manage_storage.php where the id parameter is directly concatenated into SQL queries without sanitization. This SQL injection flaw affects Simple Cold Storage Management System v1.0, built with PHP 8.1 and available from SourceCodester. The vulnerable code path is reachable only after authenticating with a Super Admin account (default credentials admin/admin123). [1]

Exploitation

An attacker must first log in as a Super Admin. Once authenticated, they can craft a GET request to /csms/admin/storages/manage_storage.php?id= with a malicious SQL payload. The reference demonstrates a payload using updatexml() to trigger an error-based extraction of the database name: id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+. The attacker can modify the payload to extract other data from the csms_db database. [1]

Impact

Successful exploitation allows the attacker to read arbitrary data from the database, including user credentials, storage records, and other sensitive information. The injection is error-based: database contents are returned inside MySQL error messages rather than through the page's normal query output. The attacker gains unauthorized access to the application's backend data, potentially leading to further compromise. [1]

Mitigation

No official patch or fixed version has been released by the vendor as of the publication date. The application is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. Until a fix is available, administrators should restrict access to the admin panel, enforce strong passwords, and implement input validation and parameterized queries to prevent SQL injection. [1]
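As an added illustration of the mitigation above (not code from the project; the real manage_storage.php source is not on this page), the concatenation pattern the advisory describes is shown beside a hardened handler that validates the id and binds it as a parameter. The table name, column names and connection details are assumptions.

```php
<?php
// Added example: hypothetical reconstruction of the flaw described in the advisory
// and its fix. Table/column names (storage_list, id) are assumed, not taken from the project.

// Vulnerable pattern: the id query-string value is spliced into the SQL text, so any
// quote or SQL syntax in it changes the statement instead of being treated as data.
function load_storage_vulnerable(mysqli $db, string $id): ?array
{
    $sql = "SELECT * FROM storage_list WHERE id = '" . $id . "'";
    $res = $db->query($sql);                // malformed input here yields MySQL errors
    return $res ? $res->fetch_assoc() : null;
}

// Hardened form: reject anything that is not a positive integer, then send the value
// separately from the query text so the database never parses it as SQL.
function load_storage_safe(mysqli $db, string $rawId): ?array
{
    // 1. Input validation: a storage id must be a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // refuse the request instead of guessing
    }
    // 2. Parameterized query: fixed SQL text, value bound with an integer type.
    $stmt = $db->prepare('SELECT * FROM storage_list WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Usage sketch (placeholder credentials; csms_db is the database name the advisory cites):
// $db  = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'csms_db');
// $row = load_storage_safe($db, $_GET['id'] ?? '');
```

Under PHP 8.1, where this application runs, mysqli raises exceptions on query errors by default, so the hardened handler should also be wrapped in error handling that does not echo driver messages back to the client.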

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)