CVE-2022-25488
published 2022-03-15

CVE-2022-25488: Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.

Priority: P275
Severity: critical, 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW / exploit source: VulnCheck KEV
Exploited in the wild
EPSS: 7.15% (93.5th percentile)

Affected (1 range)

Vendor: thedigitalcraft
Product: atomcms
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

path: /admin/ajax/avatar.php
url: {{BaseURL}}/admin/ajax/avatar.php?id=-1+union+select+md5({{num}})%23
command: id=-1+union+select+md5(999999999)%23
  • Exploit sends a GET request to /admin/ajax/avatar.php with a UNION-based SQL injection payload in the 'id' parameter using id=-1 union select md5(<num>)#
  • Successful exploitation is confirmed when the HTTP 200 response body contains both the md5 hash of the injected number and the string 'avatar-container'
  • The vulnerability is unauthenticated (PR:N) and network-reachable (AV:N), meaning no credentials are required to exploit /admin/ajax/avatar.php
  • The Nuclei template uses a numeric sentinel value of 999999999 and its MD5 hash as the oracle for union-based detection; defenders should tune detection rules to look for UNION SELECT patterns in the id parameter rather than this specific value alone
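The last bullet's advice, as an added detection example (not code from the CVE record or the Nuclei project): it scans constructed access-log lines and flags requests to /admin/ajax/avatar.php whose decoded id parameter carries a UNION SELECT pattern, whatever the sentinel value or keyword spacing; the log format and sample lines are assumptions.

```python
"""Log-based detection for CVE-2022-25488 probes: flag requests to
/admin/ajax/avatar.php whose decoded `id` parameter contains UNION SELECT,
rather than matching only the Nuclei template's 999999999 sentinel."""
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/admin/ajax/avatar.php"

# UNION [ALL] SELECT with any mix of whitespace or inline /* */ comments
# between the keywords, case-insensitive (covers UNION/**/SELECT variants).
UNION_SELECT = re.compile(
    r"union(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select",
    re.IGNORECASE | re.DOTALL)

# Combined (Apache/nginx) log format assumed; only the request line matters.
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_union_injection_request(request_target: str) -> bool:
    """True if the request hits avatar.php with a UNION SELECT in `id`."""
    parts = urlsplit(request_target)
    if parts.path != TARGET_PATH:
        return False
    # parse_qs percent-decodes and turns '+' into spaces, so the value is
    # inspected as the server would see it ("-1 union select md5(...)#").
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if UNION_SELECT.search(value):
            return True
    return False


def scan_log(lines):
    """Yield (line_number, request_target) for every matching log line."""
    for n, line in enumerate(lines, start=1):
        m = LOG_LINE.search(line)
        if m and is_union_injection_request(m.group("target")):
            yield n, m.group("target")


# Constructed sample access-log lines (not real traffic); lines 2 and 3 match.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Mar/2022:10:00:01 +0000] "GET /admin/ajax/avatar.php?id=7 HTTP/1.1" 200 812',
    '203.0.113.5 - - [15/Mar/2022:10:00:02 +0000] "GET /admin/ajax/avatar.php?id=-1+union+select+md5(999999999)%23 HTTP/1.1" 200 1040',
    '198.51.100.9 - - [15/Mar/2022:10:00:03 +0000] "GET /admin/ajax/avatar.php?id=-1%20UNION%2F%2A%2A%2FALL%20SeLeCt%201 HTTP/1.1" 200 1040',
    '198.51.100.9 - - [15/Mar/2022:10:00:04 +0000] "GET /index.php?id=-1+union+select+1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, target in scan_log(SAMPLE_LOG):
        print(f"line {n}: UNION SELECT in id parameter -> {target}")
```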

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
VulnCheck: 9.8 CRITICAL