CVE-2022-40032
published 2023-02-17

CVE-2022-40032: SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute…

Priority P269 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 20.69% (97.2th percentile)
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.

Affected (1 range)

Vendor | Product | Version range | Fixed in
simple_task_managing_system_project | simple_task_managing_system | |

Detection & IOCs (extracted from sources)

path: /TaskManagingSystem/loginValidation.php
path: /task/loginValidation.php
command: login=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27&password=P@ssw0rd!
command: login=test'%20AND%20(SELECT%208979%20FROM%20(SELECT(SLEEP(10-(IF(ORD(MID((SELECT%20DISTINCT(IFNULL(CAST(schema_name%20AS%20NCHAR)%2c0x20))%20FROM%20INFORMATION_SCHEMA.SCHEMATA%20LIMIT%200%2c1)%2c12%2c1))%3e48%2c0%2c1)))))jaXJ)--%20HgKq&password=
  • Monitor POST requests to /TaskManagingSystem/loginValidation.php (or /task/loginValidation.php) for SQL injection patterns in the 'login' and 'password' parameters, particularly payloads containing SLEEP(), ROW(), CONCAT(CHAR(...)), INFORMATION_SCHEMA references, or time-based blind injection markers.
  • Detect time-based blind SQLi by alerting on HTTP responses with duration >= 10 seconds to POST /loginValidation.php combined with a 302 redirect to login.php.
  • Flag POST bodies to loginValidation.php containing URL-encoded SQL time-delay payloads such as SLEEP(10) or the pattern (SELECT(SLEEP(...))).
  • Detect sqlmap exploitation attempts targeting loginValidation.php by inspecting for sqlmap's default User-Agent or the specific Chrome UA used in the PoC alongside POST data to the vulnerable endpoint.
  • Alert on POST requests to loginValidation.php whose body contains error-based SQLi patterns: ROW(1,1)>(SELECT COUNT(*),CONCAT(CHAR(...),...FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x).
  • The vulnerable endpoint path varies by deployment: the NVD/Nuclei template uses /task/loginValidation.php while the Exploit-DB PoC uses /TaskManagingSystem/loginValidation.php. Detection rules should cover both path variants.
  • The Nuclei template's time-based detection relies on a 10-second SLEEP threshold (duration>=10); network latency or server load may cause false positives or false negatives, so tune the threshold accordingly.
  • The PHPSESSID value (samt0gti09djsstpqaj0pg4ta8) present in the PoC Burp requests is a sample session cookie from the researcher's test environment and should NOT be used as a static IOC in production detection.
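
The detection notes above can be combined into one triage pass over web request records. The following is an added example, not code from the page's sources: it URL-decodes the POST body, checks the login parameters on both path variants for the listed markers, and treats the 10-second/302 timing signal on its own as "review" rather than "alert". The record fields (method, path, body, status, duration_s, location) are a hypothetical log schema, and the sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Both deployment paths named on this page.
PATHS = {"/TaskManagingSystem/loginValidation.php", "/task/loginValidation.php"}
PARAMS = ("login", "username", "password")
DELAY_S = 10.0  # threshold from the detection notes; tune per environment
MARKERS = {     # payload markers listed in the detection notes
    "time_delay": re.compile(r"\bSLEEP\s*\(", re.I),
    "error_row": re.compile(r"\bROW\s*\(\s*1\s*,\s*1\s*\)", re.I),
    "concat_char": re.compile(r"\bCONCAT\s*\(\s*CHAR\s*\(", re.I),
    "info_schema": re.compile(r"\bINFORMATION_SCHEMA\b", re.I),
}

def classify(req):
    """Return sorted findings for one request record (hypothetical dict schema)."""
    if req["method"] != "POST" or req["path"] not in PATHS:
        return []
    # parse_qs URL-decodes %xx and '+', so encoded payloads are matched too.
    fields = parse_qs(req["body"], keep_blank_values=True)
    found = {f"{name}:{tag}"
             for name in PARAMS for value in fields.get(name, [])
             for tag, rx in MARKERS.items() if rx.search(value)}
    if (req["duration_s"] >= DELAY_S and req["status"] == 302
            and req["location"].endswith("login.php")):
        found.add("slow_302")
    return sorted(found)

def verdict(req):
    """'alert' on payload markers; timing alone is only 'review' (latency noise)."""
    found = classify(req)
    return "alert" if any(":" in f for f in found) else "review" if found else "ok"

def rec(path, body, status, duration_s, location, method="POST"):
    return dict(method=method, path=path, body=body, status=status,
                duration_s=duration_s, location=location)

# Constructed records carrying marker fragments; not captured traffic.
SAMPLES = [
    rec("/task/loginValidation.php", "login=alice&password=pw", 302, 0.08, "index.php"),
    rec("/TaskManagingSystem/loginValidation.php",
        "login=x%20(SELECT(SLEEP(10)))&password=", 302, 10.3, "login.php"),
    rec("/task/loginValidation.php", "login=x&password=ROW(1%2c1)+CONCAT(CHAR(95))"
        "+INFORMATION_SCHEMA.COLLATIONS", 302, 0.2, "login.php"),
    rec("/task/loginValidation.php", "login=bob&password=bad", 302, 11.5, "login.php"),
]

if __name__ == "__main__":
    print(*[(verdict(s), classify(s)) for s in SAMPLES], sep="\n")
```

The last sample is a slow failed login with no payload markers; it shows why the timing signal needs a content match before it is escalated.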