CVE-2022-31976
Published 2022-06-02
CVE-2022-31976: Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
Priority P3 56 · critical 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.16% (93.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| online_fire_reporting_system_project | online_fire_reporting_system | — | — |
Detection & IOCs (extracted from sources)
url: /classes/Master.php?f=delete_request
command: id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN
- Time-based blind SQL injection: detect POST requests to /classes/Master.php?f=delete_request where the `id` parameter contains SQL sleep payloads; a response duration >= 6 seconds with HTTP 200 and body containing 'status":"success"}' indicates successful exploitation.
- Match response body for the string 'status":"success"}' combined with Content-Type text/html and HTTP 200 to confirm vulnerable endpoint response.
- The vulnerable endpoint accepts POST requests with Content-Type application/x-www-form-urlencoded; monitor for anomalous `id` parameter values containing SQL keywords (SELECT, SLEEP, AND) on this path.
- The Nuclei template uses a SLEEP(6) threshold (@timeout: 10s) for time-based detection; network latency may cause false positives or false negatives, so tune the duration threshold to match the target environment.
- The vulnerable path prefix in the NVD description includes /ofrs/ (i.e. /ofrs/classes/Master.php), while the Nuclei PoC omits it (POST /classes/Master.php). Detections should account for both path variants depending on deployment configuration.
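The detection notes above, written as log-triage logic (an added example, not part of the original page or the Nuclei template). The record fields (`method`, `url`, `body`, `resp_body`, `status`, `duration_s`) are an assumed log schema that captures request bodies, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The two path variants named above: with and without the /ofrs/ prefix.
PATH_RE = re.compile(r"^(?:/ofrs)?/classes/Master\.php$", re.IGNORECASE)
# SQL keywords listed in the detection notes, matched as whole words.
SQL_RE = re.compile(r"\b(?:select|sleep|and)\b", re.IGNORECASE)
SUCCESS_MARKER = 'status":"success"}'

def classify(rec, slow_s=6.0):
    """Return None, "suspicious" or "likely-exploited" for one request record."""
    url = urlsplit(rec["url"])
    if rec["method"] != "POST" or not PATH_RE.match(url.path):
        return None
    if parse_qs(url.query).get("f") != ["delete_request"]:
        return None
    # parse_qs undoes form encoding ('+' and %XX), so the keyword match runs
    # on the value the application receives, not on the raw wire bytes.
    ids = parse_qs(rec["body"], keep_blank_values=True).get("id", [])
    if not any(SQL_RE.search(v) for v in ids):
        return None
    delayed = (rec["status"] == 200 and rec["duration_s"] >= slow_s
               and SUCCESS_MARKER in rec["resp_body"])
    return "likely-exploited" if delayed else "suspicious"

OK_BODY = '{"status":"success"}'
# Constructed records. The second body is the request value quoted on this
# page; the third is the same value lower-cased and percent-encoded.
SAMPLES = [
    {"method": "POST", "url": "/ofrs/classes/Master.php?f=delete_request",
     "body": "id=12", "status": 200, "duration_s": 0.08, "resp_body": OK_BODY},
    {"method": "POST", "url": "/classes/Master.php?f=delete_request",
     "body": "id='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN",
     "status": 200, "duration_s": 6.2, "resp_body": OK_BODY},
    {"method": "POST", "url": "/ofrs/classes/Master.php?f=delete_request",
     "body": "id=%27%20and%20(select%207774%20from%20(select(sleep(6)))dPPt)"
             "%20and%20%27rogN%27=%27rogN",
     "status": 200, "duration_s": 0.1, "resp_body": OK_BODY},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(classify(rec), rec["url"], rec["duration_s"])
```

`slow_s` is the duration threshold the notes say to tune for the environment; a keyword hit that returns quickly is still reported as "suspicious" so that probing against a patched or filtered host stays visible.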
CVSS provenance
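| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |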
No detection rules found.
Nuclei
Online Fire Reporting System v1.0 - SQL injection
nuclei·CVSS 9.8
Template:
```yaml
id: CVE-2022-31976

info:
  name: Online Fire Reporting System v1.0 - SQL injection
  author: theamanrawat
  severity: critical
  description: |
    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
  reference:
    - https://github.
```
No writeups or analysis indexed.
Published: 2022-06-02