A user with administrator-account privileges can inject arbitrary SQL queries, which could lead to a privilege escalation.

Another SQL injection was discovered in the system, reachable through the md5() function in the file /db_main/message.php. An attacker can inject arbitrary SQL queries, which could lead to a privilege escalation.

System administrators are advised to review the value sanitized by the md5() function in the file /db_main/message.php.

Another SQL injection was discovered in the system, reachable through the INT() function in the file /db_main/message.php. An attacker can inject arbitrary SQL queries, which could lead to a privilege escalation.

System administrators are advised to review the value sanitized by the INT() function in the file /db_main/message.php.

We discovered another SQL injection via a GET parameter in the file /db_main/message.php. An attacker can inject arbitrary SQL queries, which could lead to a privilege escalation.

System administrators are advised to review the value sanitized by the GET() function in the file /db_main/message.php.

Pre-installed software

If there is pre-installed software that you would like to remove, please contact the system administrator.

Beware of malicious software installed on your computer, including but not limited to:
* spyware/adware
* PUPs
* trojan horses
* worms
* viruses
* backdoors

SQL Injection

A SQL injection occurs when an attacker supplies input that the system incorporates into a query used to access sensitive information or modify data. This happens when user-supplied SQL is not properly filtered before it reaches the database. The attack leverages the application's own ability to read from and write to its database, which can then be used for malicious purposes.

SQL injection vulnerabilities are easy to exploit because the application relies on SQL queries for many operations and places many variables in the query string, which makes it relatively easy to bypass filters and insert malicious SQL.
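The advisories above all concern a request value reaching a query in a PHP file, so the illustration below is written in PHP. It is an added example, not code from the affected application: the table and column names, the message_id parameter and the function names are assumptions. It shows the unsafe pattern (request data spliced into the query text, whether or not it first passes through a helper such as md5() or a cast) beside the hardened form (strict input validation plus a bound parameter), using an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Added illustration (not the application's own code). Schema, parameter and
// function names are assumptions chosen for the example.
declare(strict_types=1);

// UNSAFE: the request value is spliced into the SQL text. Wrapping it in a
// "sanitising" helper does not change the fact that application data is being
// compiled into the query itself; the database cannot tell data from code.
function findMessagesUnsafe(PDO $db, array $get): array
{
    $id = $get['message_id'] ?? '';
    $sql = "SELECT id, subject, body FROM messages WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: validate the shape of the input, then bind it as a parameter so the
// database engine receives the query text and the value separately.
function findMessagesSafe(PDO $db, array $get): array
{
    $raw = $get['message_id'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw)) {
        // Reject anything that is not a plain integer id rather than trying to clean it.
        throw new InvalidArgumentException('message_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, subject, body FROM messages WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so the example runs stand-alone with SQLite.
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the binding is
// done server-side rather than by client-side string interpolation.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT, body TEXT)');
$db->exec("INSERT INTO messages VALUES (1, 'hello', 'first'), (2, 'admin only', 'secret')");

var_dump(findMessagesSafe($db, ['message_id' => '1']));   // exactly one row
try {
    findMessagesSafe($db, ['message_id' => "1abc"]);      // malformed id is refused
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

When reviewing a file like /db_main/message.php, the check is mechanical: every query string that is built with concatenation or interpolation of request data is a finding, regardless of which helper the value passed through first.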

Timeline

Published on: 08/31/2022 20:15:00 UTC
Last modified on: 09/02/2022 22:32:00 UTC
