CVE-2022-44393
Description
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sanitization Management System v1.0 has an SQL injection vulnerability in the `id` parameter of the `view_service` page, allowing authenticated attackers to extract database content.
Vulnerability
Sanitization Management System v1.0, built on PHP and MySQL, contains a SQL injection vulnerability in the file /php-sms/admin/services/view_service.php. The id parameter passed via the URL /php-sms/admin/?page=services/view_service&id= is not sanitized, allowing an authenticated attacker to inject malicious SQL queries. The vulnerability is exploitable with SuperAdmin credentials (e.g., admin/admin123) [1].
Exploitation
An attacker must first log in with valid admin credentials. Then, a crafted GET request is sent to the vulnerable endpoint with a payload in the id parameter (e.g., id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+). This causes an error-based SQL injection that reveals database information, such as the database name (sms_db) [1].
Impact
Successful exploitation allows the attacker to retrieve sensitive information from the database, including the database name and potentially other data. The impact is on confidentiality, since the attacker can extract the contents of the sms_db database. The attack requires no privileges beyond the admin role already needed to access the vulnerable page [1].
Mitigation
As of the publication date, no official patch or fixed version has been released by the vendor. Users should implement input validation and parameterized queries to prevent SQL injection. The software is from SourceCodester and may be discontinued; checking for updates or migrating to an alternative solution is recommended [1].
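The input validation and parameterized query recommended above could look like the following. This is an added example, not SourceCodester's code and not a vendor patch: the table name `service_list`, the function names and the connection values are assumptions, and `get_result()` requires the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Added example. `service_list`, the helper names and the credentials below
// are assumptions, not taken from the application's source.

/** Accept only a positive decimal integer for ?id=; anything else is rejected. */
function parse_service_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null;                        // e.g. id[]=1 arrives as an array
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Fetch one row with a prepared statement: the id is bound as data, never spliced into SQL. */
function fetch_service(mysqli $conn, int $id): ?array
{
    $stmt = $conn->prepare('SELECT * FROM `service_list` WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Raise exceptions on driver errors and keep them out of the response:
// error-based injection depends on database error text reaching the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
ini_set('display_errors', '0');

$id = parse_service_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid service id');
}

try {
    $conn = new mysqli('localhost', 'sms_user', 'change-me', 'sms_db'); // placeholder credentials
    $service = fetch_service($conn, $id);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());            // detail goes to the server log only
    http_response_code(500);
    exit('Internal error');
}
if ($service === null) {
    http_response_code(404);
    exit('Unknown service');
}
```

With this in place, the request value from the Exploitation section fails `parse_service_id()` and is answered with a 400 before any query is built.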
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sanitization Management System/Sanitization Management System
- Range: = 1.0
Patches
No patches discovered yet.