CVE-2022-45297
published 2023-01-31CVE-2022-45297: EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
2.80%
84.7th percentile
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eq_project | eq | 1.5.31 – 2.2.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
commandRememberPwd=false&ServerDB=EQ%27and%28select%2B1%29%3E0waitfor%2F%2A%2A%2Fdelay%270%3A0%3A0&UserNumber=%27&UserPwd=%27↗
- →Detect SQL injection attempts against the /Account/Login endpoint via the UserPwd or ServerDB POST parameters; look for time-based blind SQLi payloads using WAITFOR DELAY patterns (URL-decoded: EQ'and(select+1)>0waitfor/**/delay'0:0:0). ↗
- →Monitor POST requests to /Account/Login with Content-Type: application/x-www-form-urlencoded containing single-quote characters (%27 or ') in the UserPwd or UserNumber parameters. ↗
- →Flag HTTP requests to /Account/Login that include the X-Requested-With: XMLHttpRequest header combined with URL-encoded SQL metacharacters in POST body parameters (ServerDB, UserPwd, UserNumber). ↗
- ·The exploit targets EQ Enterprise management system versions v1.5.31 through v2.2.0; the SQL injection is time-based blind (WAITFOR DELAY), meaning it may not produce obvious error responses and requires timing-based detection logic. ↗
- ·The vulnerable parameter is UserPwd per the CVE description, but the PoC payload also injects via the ServerDB parameter; detection rules should cover both parameters. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2023-01-31
Published