CVE-2022-40347
published 2023-02-17


Priority: P261
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.35% (91.6th percentile)
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.

Affected

1 range
Vendor | Product | Version range | Fixed in
intern_record_system_project | intern_record_system | |

Detection & IOCs (extracted from sources)

path: /intern/controller.php
url: http://localhost/intern/controller.php
other: -1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27
  • Monitor POST requests to /intern/controller.php with parameters 'phone', 'email', 'deptType', or 'name' containing SQL injection patterns such as single quotes, CHAR(), FLOOR(RAND()), ROW(), or INFORMATION_SCHEMA references.
  • Detect the specific error-based SQL injection payload pattern using FLOOR(RAND(0)*2) and INFORMATION_SCHEMA.COLLATIONS GROUP BY in POST body fields targeting /intern/controller.php.
  • This is an unauthenticated SQLi — no session or login is required. Alert on any POST to /intern/controller.php from unauthenticated sessions containing SQL metacharacters.
  • SQLmap exploitation targets the 'department' database; alert on successful DB enumeration responses or error messages referencing this database name from the application.
  • The exploit PoC uses localhost as the target host; in real deployments the vulnerable endpoint /intern/controller.php will be hosted on a different IP/domain. Detection rules should not be scoped to localhost only.
  • The exploit was tested on Windows 10 Pro with PHP 8.1.6 and Apache 2.4.53; behavior on other OS/PHP/web server combinations may differ.
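
One way to implement the monitoring described in the detection notes above, as an added example that is not part of the original record or of the Intern Record System code. It assumes form-encoded POST bodies are available to the detector; the rule names, severity levels and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

WATCHED_PATH = "/intern/controller.php"
WATCHED_PARAMS = ("phone", "email", "deptType", "name")

# Tokens named in the detection notes; rule names are this example's own.
PATTERNS = {
    "single_quote": re.compile(r"'"),
    "char_call": re.compile(r"\bCHAR\s*\(", re.I),
    "floor_rand": re.compile(r"\bFLOOR\s*\(\s*RAND\s*\(", re.I),
    "row_call": re.compile(r"\bROW\s*\(", re.I),
    "information_schema": re.compile(r"\bINFORMATION_SCHEMA\b", re.I),
}

def inspect_request(method, path, body):
    """Return {param: [rule names]} for a form-encoded POST to the endpoint."""
    if method.upper() != "POST" or path.split("?", 1)[0] != WATCHED_PATH:
        return {}
    # parse_qs decodes %xx and '+', so URL-encoded tokens are matched too.
    fields = parse_qs(body, keep_blank_values=True)
    hits = {}
    for param in WATCHED_PARAMS:
        for value in fields.get(param, []):
            matched = [name for name, rx in PATTERNS.items() if rx.search(value)]
            if matched:
                hits.setdefault(param, []).extend(matched)
    return hits

def severity(hits):
    """high: FLOOR(RAND( plus INFORMATION_SCHEMA; low: only a quote (O'Brien)."""
    names = {n for matched in hits.values() for n in matched}
    if {"floor_rand", "information_schema"} <= names:
        return "high"
    if names - {"single_quote"}:
        return "medium"
    return "low" if names else "none"

# Constructed sample requests (not captured traffic, not a working query).
SAMPLES = [
    ("POST", WATCHED_PATH, "name=Ann&email=a%40example.com&phone=555-0100&deptType=HR"),
    ("POST", WATCHED_PATH, "name=O%27Brien&email=o%40example.com&phone=555-0101&deptType=IT"),
    ("POST", WATCHED_PATH, "name=Bob&phone=1&email=b%40example.com"
                           "&deptType=x%27+FLOOR(RAND(0)*2)+INFORMATION_SCHEMA.COLLATIONS"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = inspect_request(method, path, body)
        print(severity(hits), hits)
```

Scoring a lone single quote as low keeps legitimate names such as O'Brien from paging anyone while still recording the event for correlation.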