CVE-2022-25125
Published: 2022-03-03

CVE-2022-25125: MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.
Priority: P2 · 64 · critical 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: EXPLOIT
EPSS: 7.17% (93.5th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | — | — |
Detection & IOCs (extracted from sources)

URL: /mdiy/dict/listExcludeApp?query=1&dictType=1&orderBy=1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1
- The exploit sends a GET request to /mdiy/dict/listExcludeApp with an error-based updatexml() SQL injection payload in the 'orderBy' parameter, using comment-based space substitution (/**/).
- Successful exploitation is confirmed by the presence of the partial MD5 hash 'c8c605999f3d8352d7bb792cf3fdb25' (md5 of '999999999') in the HTTP response body, combined with a Content-Type of 'application/json' in the response header.
- MCMS instances can be fingerprinted via favicon hash 1464851260 on Shodan or FOFA prior to exploitation.
- The vulnerability is unauthenticated (PR:N) and exploitable over the network (AV:N) with no user interaction required, making it trivially exploitable at scale.
- The SQL injection payload uses comment-based space substitution (/**/) to bypass WAFs or input filters that block literal spaces in the 'orderBy' parameter.
- The detection matcher uses only the first 31 characters of the MD5 hash of '999999999' (c8c605999f3d8352d7bb792cf3fdb25), not the full 32-character hash, which may affect detection precision.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
Nuclei template: CVE-2022-25125 [CRITICAL] MCMS 5.2.4 - SQL Injection (CVSS 9.8)
MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:

```yaml
id: CVE-2022-25125
info:
  name: MCMS 5.2.4 - SQL Injection
  author: Co5mos
  severity: critical
  description: |
    MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially le
```
Published: 2022-03-03