VYPR
Unrated severity · NVD Advisory · Published Nov 7, 2022 · Updated May 5, 2025

CVE-2022-43350

Description

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Sanitization Management System v1.0 has a SQL injection vulnerability in the id parameter of the delete_inquiry endpoint, enabling data extraction.

Vulnerability

The Sanitization Management System v1.0, by oretnom23, contains a SQL injection vulnerability in the id parameter of the /php-sms/classes/Master.php?f=delete_inquiry endpoint. The id value arrives in a POST request, and the application does not properly sanitize it before using it in a SQL query. The affected version is v1.0 (the only released version) [1].

Exploitation

An attacker can exploit this vulnerability by sending a crafted POST request to the vulnerable endpoint. The attacker must be authenticated as a Super Admin (e.g., using credentials admin/admin123) to access the page that triggers the vulnerable code path [1]. The proof-of-concept payload is:

id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

This uses an updatexml error-based technique to extract database information [1].

Impact

Successful exploitation allows an authenticated attacker to extract sensitive data from the database, including the database name (sms_db), and potentially other data such as user credentials or business records. The impact is information disclosure via error-based SQL injection. The attacker gains read access to the database contents [1].

Mitigation

As of the publication date (2022-11-07), no official patch or fixed version has been released, and the vendor has not provided a security update. The application appears to be a free source code project available on SourceCodester. Users should implement input validation and parameterized queries in the affected Master.php file. Additionally, restricting Super Admin access to trusted users can limit the attack surface [1].
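
One way to apply input validation and a parameterized query to a delete handler of this kind, as an added example that is not the project's own code. The function name, the inquiries table and the in-memory SQLite database (standing in for the application's MySQL database; needs PHP 8 with pdo_sqlite) are assumptions, and the rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example. Names and schema are hypothetical; SQLite in memory stands in
// for the application's MySQL database (needs PHP 8 with pdo_sqlite).

function delete_inquiry(PDO $db, mixed $rawId): array
{
    // 1. Input validation: only a positive integer is accepted; fail closed.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }
    try {
        // 2. Parameterized query: the value is bound, never concatenated into SQL.
        $stmt = $db->prepare('DELETE FROM inquiries WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
    } catch (PDOException $e) {
        // 3. Database error text stays in the server log, so it cannot carry
        //    query results back to the client.
        error_log($e->getMessage());
        return ['status' => 'failed', 'error' => 'internal error'];
    }
    return $stmt->rowCount() === 1
        ? ['status' => 'success']
        : ['status' => 'failed', 'error' => 'no such inquiry'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inquiries (id INTEGER PRIMARY KEY, message TEXT)');
$db->exec("INSERT INTO inquiries (id, message) VALUES (1, 'constructed'), (2, 'constructed')");

// The id value quoted in the advisory, followed by constructed ordinary inputs.
$cases = [
    "1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+",
    '1',
    '999',
    ['1'],
];
foreach ($cases as $raw) {
    $result = delete_inquiry($db, $raw);
    $left = (int) $db->query('SELECT COUNT(*) FROM inquiries')->fetchColumn();
    printf("%-8s rows left: %d  input: %s\n", $result['status'], $left, json_encode($raw));
}
```

The advisory's id value fails the integer check and never reaches the database; only the well-formed id 1 deletes a row.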

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
