CVE-2022-44290
published 2022-12-02

CVE-2022-44290: webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.

Priority: P260
Severity: critical (CVSS 3.1 base score 9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tag: EXPLOIT
EPSS: 3.70% (88.4th percentile)

Affected (1 range)

Vendor: webtareas_project
Product: webtareas
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

URL: /approvals/deleteapprovalstages.php?id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162
Path: /approvals/deleteapprovalstages.php
Command: id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162
  • Detect time-based blind SQLi exploitation attempts against deleteapprovalstages.php by monitoring for SLEEP() payloads in the id parameter of GET requests to /approvals/deleteapprovalstages.php (inspect the URL-decoded value, since the payload may arrive percent-encoded).
  • Successful exploitation returns HTTP 200 with a body containing 'Delete the following?' and Content-Type text/html; use this as a confirmation signal in detection logic.
  • Exploitation requires prior authentication via POST to /general/login.php?session=false with multipart/form-data; correlate login events followed by SQLi requests to deleteapprovalstages.php from the same client.
  • Alert on response durations >= 6 seconds for requests to /approvals/deleteapprovalstages.php, indicative of a successful SLEEP(6) time-based injection.
  • The time-based detection threshold of 6 seconds (SLEEP(6)) may produce false positives on slow networks or overloaded servers; tune the duration threshold accordingly in production environments.
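As an added example (not part of this record or of the webTareas project), the detection logic above applied to a few constructed access-log lines: it flags the SLEEP() payload in the decoded id parameter, flags slow responses against a tunable threshold, and records whether the client logged in earlier. The one-request-per-line log layout, client addresses and durations are assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the page), one request per line:
# client method request status duration_seconds
SAMPLE_LOG = """\
10.0.0.5 POST /general/login.php?session=false 302 0.120
10.0.0.5 GET /approvals/deleteapprovalstages.php?id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 200 6.310
10.0.0.9 GET /approvals/deleteapprovalstages.php?id=12 200 0.045
10.0.0.9 GET /approvals/deleteapprovalstages.php?id=12 200 7.900
"""

TARGET_PATH = "/approvals/deleteapprovalstages.php"
LOGIN_PATH = "/general/login.php"
# Hypothetical log layout assumed by this example
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<request>\S+) "
                    r"(?P<status>\d{3}) (?P<duration>\d+(?:\.\d+)?)$")
# SLEEP( in the decoded value; case-insensitive, tolerant of whitespace before '('
SLEEP_RE = re.compile(r"\bsleep\s*\(", re.IGNORECASE)


def analyze(log_text, slow_threshold=6.0):
    """Return one finding per suspicious request to the vulnerable endpoint.
    slow_threshold (seconds) is the tunable cutoff for the timing signal; raise it
    on slow or overloaded servers to cut false positives from duration alone."""
    findings = []
    seen_login = set()  # clients that POSTed to the login endpoint earlier in the log
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        client, url = m["client"], urlsplit(m["request"])
        if m["method"] == "POST" and url.path == LOGIN_PATH:
            seen_login.add(client)
            continue
        if url.path != TARGET_PATH:
            continue
        signals = []
        # parse_qs percent-decodes and turns '+' into spaces, so encoded payloads match too
        id_values = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(SLEEP_RE.search(v) for v in id_values):
            signals.append("sleep_payload")
        if float(m["duration"]) >= slow_threshold:
            signals.append("slow_response")
        if signals:
            findings.append({"client": client, "status": int(m["status"]),
                             "signals": signals, "prior_login": client in seen_login})
    return findings
```

A request that carries both signals and follows a login from the same client is the strongest hit; a slow response alone with no payload and no prior login is the case the threshold note warns about.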