CVE-2022-31883 Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability

Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) Vulnerability. A low privilege user is able to change the settings of another user.

Marval MSM v14.19.0.12476 has an SQL Injection Vulnerability. A high privilege user is able to inject arbitrary code into the database via the ‘admin_order_process’ SQL statement.

Marval MSM v14.19.0.12476 has a User Enumeration Vulnerability. A low privilege user is able to enumerate the users in the system via the ‘user_login_check’ SQL statement.

Marval MSM v14.19.0.12476 has a Denial of Service Vulnerability. A high privilege user is able to crash the system via the ‘admin_order_process’ SQL statement.

Marval MSM v14.19.0.12476 has a Cross-Site Scripting (XSS) Vulnerability. A high privilege user is able to inject arbitrary code into the system via the ‘admin_order_process’ SQL statement.

Marval MSM v14.19.0.12476 has a Server Side Request Forgery (SSRF) Vulnerability. A high privilege user is able to crash the system via the ‘admin_order_process’ SQL statement.

Marval MSM v14.19.0.12476 CSRF Vulnerability

Marval MSM v14.19.0.12476 has a Cross-Site Request Forgery (CSRF) Vulnerability. A low privilege user is able to change the settings of another user. This vulnerability can be exploited via cross site scripting, clickjacking, and through the use of malicious JavaScript on a third party website that embeds the Marval MSM login form into its content.

Marval MSM v14.19.0.12476 Denial of Service Vulnerability

Version 14.19.0.12476 of Marval MSM has a Denial of Service Vulnerability: A high privilege user is able to crash the system via the ‘admin_order_process’ SQL statement.
This vulnerability can be exploited by a high privilege user with knowledge of the system's structure and the SQL syntax for this statement. The attacker would send a crafted SQL statement that would cause the application to stop responding before it finishes processing its current request, which will result in a denial of service condition.
The following proof-of-concept attack is available: https://github.com/kprakash077/CVE-2022-31883/blob/master/exploit.py

Marval MSM V14.19.0.12476 CSRF Vulnerability

A low privilege user is able to change the settings of another user.

Marval MSM V14.19.0.12476 SQL Injection Vulnerability

A high privilege user is able to inject arbitrary code into the database via the ‘admin_order_process’ SQL statement.

Marval MSM V14.19.0.12476 User Enumeration Vulnerability

A low privilege user is able to enumerate the users in the system via the ‘user_login_check’ SQL statement.

Marval MSM V14.19.0.12476 Denial of Service Vulnerability

A high privilege user is able to crash the system via the ‘admin_order_process’ SQL statement.

Marval MSM V14.19.0.12476 Cross-Site Scripting (XSS) Vulnerability

A high privilege user is able to inject arbitrary code into the system via the ‘admin_order_process’ SQL statement. An SSRF vulnerability allows a low privilege user to crash the system.

Marval MSM v14.19.0.12476 CSRF And XSS Protection

Marval MSM v14.19.0.12476 prevents CSRF via the ‘Csrf_Header’ HTTP header.
Marval MSM v14.19.0.12476 protects against XSS attacks via the ‘Xss-Protection-Mode’ parameter on the admin_order_process SQL statement.
