The latest software version is 3.1.0 and was released on 2017-01-13. The vendors involved in the development of this software are SourceCodester and the versioning information is 3.1.0.

Vulnerability details

Class: SQL Injection, Cross-Site Request Forgery, Remote Code Execution, Remote File Inclusion, XSS, Other
The vendor released source code for this software.
VDB ID: VDB-210839
Detection: This vulnerability is verified through static analysis. Impacket can be used to do this.
Exploitability: This vulnerability is exploitable through web applications with user interaction. With a malicious payload, it can lead to remote code execution.
Attack vectors: This vulnerability can be exploited through web applications with user interaction. With a malicious payload, it can lead to remote code execution.
Solution: Update to the latest version.

Official vendor security updates may be applied.

Implement DMARC to prevent email spoofing.

Implement reputation monitoring and blocking.

The impact of this vulnerability is critical.

What is SQL Injection?

SQL Injection is a type of injection attack that exploits weaknesses in SQL database queries and the underlying software/hardware. This vulnerability allows an attacker to access data via a web application.

SQL Injection

SQL Injection is a vulnerability that allows an attacker to execute SQL queries on a remote website. This is achieved through client-supplied input that the application passes as parameters to the database.

Timeline

Published on: 10/14/2022 14:15:00 UTC
Last modified on: 10/17/2022 18:20:00 UTC
