CVE-2022-40032
published 2023-02-17
Priority P269 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT · EPSS 20.69% (97.2th percentile)
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_task_managing_system_project | simple_task_managing_system | — | — |
Detection & IOCs (extracted from sources)
- command: `login=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27&password=P@ssw0rd!`
- command: `login=test'%20AND%20(SELECT%208979%20FROM%20(SELECT(SLEEP(10-(IF(ORD(MID((SELECT%20DISTINCT(IFNULL(CAST(schema_name%20AS%20NCHAR)%2c0x20))%20FROM%20INFORMATION_SCHEMA.SCHEMATA%20LIMIT%200%2c1)%2c12%2c1))%3e48%2c0%2c1)))))jaXJ)--%20HgKq&password=`
- Monitor POST requests to /TaskManagingSystem/loginValidation.php (or /task/loginValidation.php) for SQL injection patterns in the 'login' and 'password' parameters, particularly payloads containing SLEEP(), ROW(), CONCAT(CHAR(...)), INFORMATION_SCHEMA references, or time-based blind injection markers.
- Detect time-based blind SQLi by alerting on HTTP responses with duration >= 10 seconds to POST /loginValidation.php combined with a 302 redirect to login.php.
- Flag POST bodies to loginValidation.php containing URL-encoded SQL time-delay payloads such as SLEEP(10) or the pattern (SELECT(SLEEP(...))).
- Detect sqlmap exploitation attempts targeting loginValidation.php by inspecting for sqlmap's default User-Agent or the specific Chrome UA used in the PoC alongside POST data to the vulnerable endpoint.
- Alert on POST requests to loginValidation.php whose body contains error-based SQLi patterns: ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(...),...FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x).
- The vulnerable endpoint path varies by deployment: the NVD/Nuclei template uses /task/loginValidation.php while the Exploit-DB PoC uses /TaskManagingSystem/loginValidation.php. Detection rules should cover both path variants.
- The Nuclei template's time-based detection relies on a 10-second SLEEP threshold (duration>=10); network latency or server load may cause false positives or false negatives — tune the threshold accordingly.
- The PHPSESSID value (samt0gti09djsstpqaj0pg4ta8) present in the PoC Burp requests is a sample session cookie from the researcher's test environment and should NOT be used as a static IOC in production detection.
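The notes above combined into one log-triage check, as an added example (not code from the page's sources or from the Nuclei template). The record field names, the `ev` helper and the sample records are constructed assumptions; the repeated URL-decoding goes slightly beyond the notes so that double-encoded bodies still match.

```python
import re
from urllib.parse import unquote_plus

# Both deployment paths named in the notes above (compared case-insensitively).
PATHS = {"/taskmanagingsystem/loginvalidation.php", "/task/loginvalidation.php"}
SLOW_SECONDS = 10.0  # threshold from the notes; tune for latency and server load
# Markers from the notes, matched against the URL-decoded POST body.
MARKERS = {
    "time_delay": re.compile(r"\bSLEEP\s*\(", re.I),
    "error_based_row": re.compile(r"\bROW\s*\(\s*1\s*,\s*1\s*\)", re.I),
    "concat_char": re.compile(r"\bCONCAT\s*\(\s*CHAR\s*\(", re.I),
    "floor_rand": re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(", re.I),
    "information_schema": re.compile(r"\bINFORMATION_SCHEMA\b", re.I),
}

def decode_body(body, rounds=3):
    """URL-decode a fixed number of times so double-encoded bodies still match."""
    for _ in range(rounds):
        body = unquote_plus(body)
    return body

def findings(event):
    """Return the sorted finding names for one request record (a dict)."""
    if event["method"] != "POST" or event["path"].split("?")[0].lower() not in PATHS:
        return []
    body = decode_body(event["body"])
    hits = {name for name, rx in MARKERS.items() if rx.search(body)}
    if "sqlmap" in event.get("user_agent", "").lower():
        hits.add("sqlmap_user_agent")
    to_login = event["status"] == 302 and event.get("location", "").endswith("login.php")
    if event["duration"] >= SLOW_SECONDS and to_login:
        hits.add("slow_302_to_login")
    return sorted(hits)

def ev(path, body, duration, location="login.php", method="POST", ua="Mozilla/5.0"):
    """Hypothetical helper: build one record in the field layout assumed here."""
    return {"method": method, "path": path, "body": body, "status": 302,
            "location": location, "duration": duration, "user_agent": ua}

# Constructed sample records (not captured traffic).
EVENTS = [
    ev("/task/loginValidation.php", "login=alice&password=correct+horse", 0.12, location="index.php"),
    ev("/TaskManagingSystem/loginValidation.php", "login=test'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(10)))a)--%20&password=", 10.4),
    ev("/task/loginValidation.php", "login=-1%2527+and+ROW(1%252c1)%253e(SELECT+COUNT(*)%252cCONCAT(CHAR(95)%252cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)&password=x", 0.3),
    ev("/task/loginValidation.php", "login=bob&password=wrong", 11.0),
    ev("/search.php", "q=SLEEP(10)", 10.2),
    ev("/task/loginValidation.php", "login=a&password=b", 0.2, ua="sqlmap/1.7 (https://sqlmap.org)"),
]
for e in EVENTS:
    print(e["path"], findings(e))
```

The fourth record is a slow failed login with a clean body: it trips only the timing rule, which is the false-positive case the threshold caveat describes.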
No detection rules found.
Exploit-DB
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
exploitdb·2023-04-06·CVSS 9.8
---
# Exploit Title: Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
# Date: 2022-01-09
# Exploit Author: Hamdi Sevben
# Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip
# Version: 1.0
# Tested on: Windows 10 Pro + PHP 8.1.6, Apache 2.4.53
# CVE: CVE-2022-40032
# References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40032
https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
1. Description:
Simple Task Managing System 1.0 all
Nuclei
Simple Task Managing System v1.0 - SQL Injection
nuclei·CVSS 9.8
SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.
Template:
```yaml
id: CVE-2022-40032

info:
  name: Simple Task Managing System v1.0 - SQL Injection
  author: r3Y3r53
  severity: critical
  description: |
    SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.
  impact: |
    Unauthent
```
- http://packetstormsecurity.com/files/171739/Simple-Task-Managing-System-1.0-SQL-Injection.html
- https://github.com/h4md153v63n/CVE-2022-40032_Simple-Task-Managing-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated
- https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html
- https://www.sourcecodester.com/sites/default/files/download/razormist/Task%20Managing%20System%20in%20PHP.zip
Published: 2023-02-17