CVE-2022-31977
Published 2022-06-02
CVE-2022-31977: Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
Priority P356 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.16% (93.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| online_fire_reporting_system_project | online_fire_reporting_system | — | — |
Detection & IOCs (extracted from sources)
- Detect time-based blind SQLi exploitation attempts targeting the delete_team function via POST to /classes/Master.php?f=delete_team; look for SLEEP() payloads in the POST body 'id' parameter.
- A successful exploitation response contains the string 'status":"success"}' in the HTTP response body with HTTP 200 and Content-Type text/html.
- Monitor for anomalous response durations >= 6 seconds on POST requests to /classes/Master.php?f=delete_team, indicative of a successful SLEEP-based SQL injection.
- The vulnerability is unauthenticated (PR:N, UI:N); any external source can trigger it. Flag POST requests to the endpoint with SQL keywords (SELECT, SLEEP, AND) in the 'id' parameter.
- The Nuclei template uses a 10-second HTTP timeout (@timeout: 10s) to accommodate the SLEEP(6) payload; detection rules based on response time should account for this threshold to avoid false negatives.
- The vulnerable endpoint path in the NVD advisory includes the '/ofrs/' prefix (/ofrs/classes/Master.php), while the Nuclei template uses the relative path (/classes/Master.php). Detection rules should cover both variants depending on deployment context.
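
The checks listed above, combined into one pass over proxy logs. This is an added example, not part of the source page or the Nuclei template; the JSON-lines log layout, its field names and the sample records (including the `other_action` value and the `CONSTRUCTED` id) are constructed assumptions.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

SQL_KEYWORDS = re.compile(r"\b(select|sleep|and)\b", re.IGNORECASE)
SLOW_SECONDS = 6.0                      # SLEEP(6) delay named in the notes above
SUCCESS_MARKER = 'status":"success"}'   # response marker named in the notes above

# Constructed records; the JSON-lines layout and field names are assumptions
# (a proxy/WAF log that captures request body, response body and duration).
SAMPLE_LOG = r"""
{"src":"198.51.100.7","method":"POST","url":"/ofrs/classes/Master.php?f=delete_team","body":"id=4","status":200,"duration_s":0.08,"resp":"{\"status\":\"success\"}"}
{"src":"203.0.113.9","method":"POST","url":"/classes/Master.php?f=delete_team","body":"id=CONSTRUCTED+AND+SLEEP%286%29","status":200,"duration_s":6.21,"resp":"{\"status\":\"success\"}"}
{"src":"203.0.113.9","method":"POST","url":"/ofrs/classes/Master.php?f=other_action","body":"id=1","status":200,"duration_s":7.4,"resp":""}
{"src":"192.0.2.44","method":"POST","url":"/ofrs/classes/Master.php?f=delete_team","body":"id=9","status":200,"duration_s":6.5,"resp":"{\"status\":\"success\"}"}
"""

def is_delete_team(rec):
    """POST to .../classes/Master.php?f=delete_team, with or without the /ofrs/ prefix."""
    url = urlsplit(rec["url"])
    return (rec["method"].upper() == "POST"
            and url.path.lower().endswith("/classes/master.php")
            and parse_qs(url.query).get("f") == ["delete_team"])

def analyze(rec):
    """Return the list of signals a single record raises (empty list = nothing to flag)."""
    if not is_delete_team(rec):
        return []
    signals = []
    ids = parse_qs(rec.get("body", ""), keep_blank_values=True).get("id", [])
    if any(SQL_KEYWORDS.search(v) for v in ids):      # parse_qs has already URL-decoded v
        signals.append("sql_keyword_in_id")
    if rec.get("duration_s", 0) >= SLOW_SECONDS:
        signals.append("slow_response")
    # The marker only corroborates other signals (assumed to appear on legitimate deletes too).
    if signals and rec.get("status") == 200 and SUCCESS_MARKER in rec.get("resp", ""):
        signals.append("success_marker")
    return signals

def scan(log_text):
    """Return (source, signals) for every log line that raises at least one signal."""
    records = (json.loads(line) for line in log_text.splitlines() if line.strip())
    return [(r["src"], s) for r in records if (s := analyze(r))]

if __name__ == "__main__":
    for src, signals in scan(SAMPLE_LOG):
        print(src, ",".join(signals))
```

A record that raises only `slow_response` (the last sample line) is a weaker signal than one that also carries SQL keywords in `id`, so triage the combined hits first.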
CVSS provenance
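| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |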
No detection rules found.
Nuclei
Online Fire Reporting System v1.0 - SQL injection
nuclei·CVSS 9.8
CVE-2022-31977 [CRITICAL] Online Fire Reporting System v1.0 - SQL injection
Template:
```yaml
id: CVE-2022-31977
info:
  name: Online Fire Reporting System v1.0 - SQL injection
  author: theamanrawat
  severity: critical
  description: |
    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQ
```
No writeups or analysis indexed.