VYPR
Unrated severity · NVD Advisory · Published Oct 28, 2022 · Updated May 7, 2025

CVE-2022-43230

Description

Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via the id parameter in the view_details page, allowing unauthenticated data extraction.

Vulnerability

Simple Cold Storage Management System v1.0, developed by oretnom23, contains a SQL injection vulnerability in the /admin/?page=bookings/view_details endpoint. The id parameter is directly concatenated into SQL queries without sanitization, allowing an attacker to inject arbitrary SQL commands. The application is built on PHP 8.1 and uses a MySQL database named csms_db. The vulnerability is present in all installations of version 1.0 [1].

Exploitation

The attacker must have network access to the /admin/ directory, which by default requires login credentials; however, the reference discloses Super Admin credentials (admin/admin123). The attack consists of sending a crafted GET request, such as id=-2' union select 1,database(),3,4,5,6,7,8,9,10,11,12,13--+, to the vulnerable endpoint. This injection extracts information from the database, such as the current database name. No special privileges beyond a valid session are needed, as the vulnerability is in a parameter used by authenticated users [1].

Impact

Successful exploitation allows an attacker to retrieve sensitive information from the database, including database names, table structures, and potentially user credentials or other personal data. The impact is primarily a breach of confidentiality (information disclosure). The attacker does not gain immediate code execution or file write access through this specific injection, but the extracted data could enable further attacks [1].

Mitigation

As of publication (2022-10-28), no official patch or fixed version has been released by the vendor. The software is no longer actively maintained (a Sourcecodester project). Users should consider migrating to a supported solution or implementing input validation and parameterized queries on the id parameter as a workaround. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing [1].
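The workaround above, shown as an added example that is not code from the Simple Cold Storage Management System project: the concatenation pattern the advisory describes, beside a hardened handler that validates the id as a positive integer and binds it through a PDO prepared statement. The table name `bookings` and its integer `id` column are assumptions.

```php
<?php
// Added example; connection details for csms_db and the `bookings` table are assumed.
// Disabling emulated prepares makes MySQL prepare the statement server-side, so bound
// values are never spliced into the SQL text by the client driver.
function connectCsms(string $user, string $pass): PDO {
    return new PDO('mysql:host=localhost;dbname=csms_db;charset=utf8mb4', $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// The pattern the advisory describes: the request value becomes part of the SQL text,
// so a string ending the quote and appending a UNION is executed as SQL.
function viewDetailsVulnerable(PDO $pdo, string $id): ?array {
    $sql = "SELECT * FROM bookings WHERE id = '" . $id . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened handler: reject anything that is not a positive integer before touching
// the database, then pass the value as a typed parameter rather than as SQL text.
function viewDetailsSafe(PDO $pdo, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // malformed id: refuse the request, do not query
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM bookings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Call site for /admin/?page=bookings/view_details (after the session check):
// $details = viewDetailsSafe($pdo, $_GET['id'] ?? '');
```

With the validation step in place, a value like the one quoted in the Exploitation section never reaches the database at all; the prepared statement is the second layer for ids that are well-formed but attacker-controlled.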

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)