CVE-2022-44296
Description
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Sanitization Management System v1.0 allows authenticated admin to extract database information via the id parameter in manage_remark.php.
Vulnerability
The vulnerability is a SQL injection in the id parameter of /php-sms/admin/quotes/manage_remark.php in Sanitization Management System v1.0 [1]. The application fails to sanitize this user input before using it in a SQL query. The database name is sms_db. Affected version: v1.0.
Exploitation
An attacker must be authenticated as an admin (e.g., admin/admin123) to access the vulnerable page [1]. The attacker can send a GET request to /php-sms/admin/quotes/manage_remark.php?id= with a crafted payload, such as 1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+, which triggers an error-based SQL injection that reveals database information [1]. The attack does not require special privileges beyond admin login.
Impact
Successful exploitation allows an authenticated admin to extract sensitive information from the database, such as the database name, via error-based SQL injection [1]. This could lead to further data exfiltration or compromise of the application's data integrity and confidentiality.
Mitigation
As of the publication date, no patch has been released by the vendor [1]. Users should apply input validation and parameterized queries to prevent SQL injection. The application is from SourceCodester and may be end-of-life or unsupported. No known KEV listing.
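The mitigation above (input validation plus a parameterized query) could look like the following. This is an added example, not code from the application or its vendor: the table and column names (quote_list, remarks) and the function names are assumptions, and an in-memory SQLite database stands in for the MySQL sms_db so the script runs offline.

```php
<?php
declare(strict_types=1);
// Hypothetical hardened lookup for a page like manage_remark.php (added example).
// quote_list/remarks are assumed names; in-memory SQLite stands in for MySQL.

function parse_id($raw): ?int
{
    // Only a positive integer is accepted; everything else is rejected before SQL.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_remark(PDO $db, int $id): ?array
{
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, remarks FROM quote_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function handle_request(PDO $db, $rawId): array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return [400, 'Invalid id'];
    }
    try {
        $row = fetch_remark($db, $id);
    } catch (PDOException $e) {
        // Error-based injection relies on database errors reaching the response:
        // log the detail server-side and return a generic message instead.
        error_log('manage_remark query failed: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
    return $row === null ? [404, 'Not found'] : [200, $row['remarks']];
}

// Constructed sample data and inputs; the third input is the payload quoted on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quote_list (id INTEGER PRIMARY KEY, remarks TEXT)');
$db->exec("INSERT INTO quote_list (id, remarks) VALUES (1, 'Site visit scheduled')");
$payload = "1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+";
foreach (['1', '2', $payload, null] as $raw) {
    [$status, $body] = handle_request($db, $raw);
    echo json_encode(['input' => $raw, 'status' => $status, 'body' => $body]), "\n";
}
```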
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sanitization Management System/Sanitization Management System
- Range: = 1.0
Patches
No patches discovered yet.