CVE-2022-23898
Published 2022-03-03
CVE-2022-23898: MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
Priority P266 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.73% (93.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
Detection & IOCs
- Detect exploitation attempts by monitoring POST requests to /cms/content/list with SQL injection payloads in the categoryId parameter, specifically using updatexml() error-based injection.
- Confirm successful exploitation by checking HTTP response body for the partial MD5 hash string 'c8c605999f3d8352d7bb792cf3fdb25' (md5(999999999) truncated), which is the error-based SQLi canary value.
- Identify MCMS-hosted targets via Shodan using favicon hash 1464851260 or FOFA query icon_hash="1464851260".
- The vulnerable parameter is categoryId in the file IContentDao.xml; monitor SQL error responses (e.g., updatexml/XPATH errors) in responses to requests targeting this endpoint.
- The exploit uses a numeric canary value (999999999) whose MD5 is computed at runtime; the response match string 'c8c605999f3d8352d7bb792cf3fdb25' is the first 31 characters of md5(999999999) as returned inside an XPATH error — detection rules should account for this truncation.
- The vulnerability is unauthenticated (PR:N, UI:N per CVSS), meaning no session or login is required to exploit the /cms/content/list endpoint.
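The detection points above can be combined into one classifier over recorded HTTP transactions. This is an added example, not code from the page's sources or from the MCMS project; the transaction dict keys, the form-encoded body and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cms/content/list"              # endpoint named on this page
CANARY = "c8c605999f3d8352d7bb792cf3fdb25"  # 31-char truncated MD5 quoted on this page
SQLI_FUNC = re.compile(r"updatexml\s*\(", re.IGNORECASE)
XPATH_ERR = re.compile(r"XPATH syntax error", re.IGNORECASE)  # MySQL error text


def classify(txn):
    """Return 'none', 'attempt' or 'confirmed' for one HTTP transaction.

    txn is a dict with hypothetical keys: method, url, body, response_body.
    """
    url = urlsplit(txn["url"])
    if txn["method"].upper() != "POST" or not url.path.rstrip("/").endswith(ENDPOINT):
        return "none"
    # categoryId may be in the query string or a form-encoded body (assumption);
    # parse_qs URL-decodes, so %28 and '+' cannot hide the function call.
    params = parse_qs(url.query)
    for key, vals in parse_qs(txn.get("body", "")).items():
        params.setdefault(key, []).extend(vals)
    resp = txn.get("response_body", "")
    # Match the 31-character prefix: the error message cuts the digest short,
    # so a rule keyed on the full 32-character MD5 would never fire.
    if CANARY in resp or XPATH_ERR.search(resp):
        return "confirmed"
    if any(SQLI_FUNC.search(v) for v in params.get("categoryId", [])):
        return "attempt"
    return "none"


# Constructed sample transactions (not captured traffic). The injected value is
# a non-functional placeholder.
SAMPLES = [
    {"method": "POST", "url": "http://cms.example/cms/content/list",
     "body": "categoryId=1+UPDATEXML%28PLACEHOLDER%29",
     "response_body": "XPATH syntax error: 'c8c605999f3d8352d7bb792cf3fdb25'"},
    {"method": "POST", "url": "http://cms.example/cms/content/list",
     "body": "categoryId=1+UPDATEXML%28PLACEHOLDER%29",
     "response_body": '{"result": false, "msg": "error"}'},
    {"method": "POST", "url": "http://cms.example/cms/content/list",
     "body": "categoryId=12", "response_body": '{"result": true}'},
    {"method": "POST", "url": "http://cms.example/search",
     "body": "categoryId=1+UPDATEXML%28PLACEHOLDER%29", "response_body": "ok"},
]

if __name__ == "__main__":
    for txn in SAMPLES:
        print(classify(txn), txn["body"])
```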
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
GHSA
SQL injection in net.mingsoft:ms-mcms
ghsa·2022-03-04
CVE-2022-23898 [CRITICAL] CWE-89 SQL injection in net.mingsoft:ms-mcms
OSV
SQL injection in net.mingsoft:ms-mcms
osv·2022-03-04
CVE-2022-23898 [CRITICAL] SQL injection in net.mingsoft:ms-mcms
No detection rules found.
Nuclei
MCMS 5.2.5 - SQL Injection
nuclei·CVSS 9.8
CVE-2022-23898 [CRITICAL] MCMS 5.2.5 - SQL Injection
MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
```yaml
id: CVE-2022-23898

info:
  name: MCMS 5.2.5 - SQL Injection
  author: Co5mos
  severity: critical
  description: |
    MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries
```
2022-03-03
Published