CVE-2022-44859
Description
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Automotive Shop Management System v1.0 has a SQL injection vulnerability in the id parameter of manage_product.php allowing information disclosure.
Vulnerability
The Automotive Shop Management System v1.0 is vulnerable to SQL injection in the id parameter of /asms/admin/products/manage_product.php. An authenticated attacker can inject SQL commands through the id parameter. The vulnerability is present in version 1.0 as disclosed by the vendor [1].
Exploitation
To exploit the vulnerability, an attacker must first authenticate with valid admin credentials, such as admin/admin123 (Super Admin account). The attacker then sends a crafted GET request to /asms/admin/products/manage_product.php?id=7%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ to trigger an error-based SQL injection that extracts database information [1].
Impact
Successful exploitation allows an attacker to extract sensitive data from the database, such as the database name (asms_db) and potentially other data via error-based or boolean-based SQL injection. This leads to information disclosure of the underlying database [1].
Mitigation
No official fix has been released as of the publication date. Users should apply input validation and use parameterized queries to prevent SQL injection. Disabling the display of SQL error messages in responses, or upgrading to a patched version when one becomes available, is recommended [1].
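The mitigations named above (validate the id, bind it as a parameter, keep database errors out of the response) can be combined as in the following added example, which is not the application's own code. The table name `product_list`, the `name` column and the function names are hypothetical, and an in-memory SQLite database with constructed data stands in for the MySQL backend so the script runs on its own.

```php
<?php
// Added example, not the application's code. Hypothetical names: product_list,
// parse_product_id(), find_product(). SQLite in memory stands in for MySQL.
function parse_product_id($raw): ?int
{
    // Accept only a positive decimal integer; quotes, spaces and SQL text fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_product(PDO $db, int $id): ?array
{
    // The id is sent as a bound parameter, never spliced into the SQL string.
    $stmt = $db->prepare('SELECT id, name FROM product_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function handle_request(PDO $db, $rawId): array
{
    $id = parse_product_id($rawId);
    if ($id === null) {
        return [400, 'Invalid product id'];
    }
    try {
        $row = find_product($db, $id);
    } catch (PDOException $e) {
        // Log details server-side; the response carries no database error text.
        error_log('product lookup failed: ' . $e->getMessage());
        return [500, 'Internal error'];
    }
    return $row === null ? [404, 'Product not found'] : [200, $row['name']];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$db->exec('CREATE TABLE product_list (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO product_list VALUES (7, 'Brake pad set')");

// The id value from the request quoted on this page, URL-decoded.
$payload = "7' and updatexml(1,concat(0x7e,(select database()),0x7e),0)-- ";
foreach (['7', '8', $payload] as $raw) {
    [$status, $body] = handle_request($db, $raw);
    echo $status, ' ', $body, PHP_EOL;
}
```

The rejected request never reaches the database, and a failed query is logged rather than echoed, which removes the channel that error-based extraction depends on.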
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Automotive Shop Management System/Automotive Shop Management System
- Range: = 1.0
Patches
No patches discovered yet.
References