A critical vulnerability, CVE-2022-3955, has been discovered in Tholum CRM42, a customer relationship management (CRM) application. The flaw is a SQL injection in the login component: the 'user_name' argument is passed into a database query without adequate sanitization, so a crafted value reaches the underlying database as SQL. Because the bug sits in the login flow it is reachable by unauthenticated clients, and the attack can be initiated remotely, putting businesses and individuals who run Tholum CRM42 at risk. The exploit details have been disclosed to the public, so users should take preventive measures immediately. This vulnerability has been assigned the identifier VDB-213461.

Details

The vulnerability exists in the file crm42\class\class.user.php of the Tholum CRM42 software. The login code does not validate or parameterize the 'user_name' argument, so a client-supplied value is interpreted as part of the SQL statement rather than as data. Depending on how the resulting query is used, an attacker can bypass authentication, or read, modify, or delete data in the underlying database.

Exploit Details

An attacker exploits this vulnerability by submitting a crafted value for 'user_name' that changes the structure of the login query. The login form is the natural delivery point, but any other request path that feeds attacker-controlled input into the same query would serve equally.

The following payload is representative of what may be used against this vulnerability:

'; DROP TABLE users;--

The leading quote closes the string literal the application opened around 'user_name', the semicolon terminates that statement, DROP TABLE users is submitted as a second statement, and the trailing -- comments out whatever the application appended after the injected value. If it executes, a table named 'users' is deleted, which could mean catastrophic data loss for an organization. Two practical caveats apply to this particular payload: stacked statements only run when the database API sends several statements per call (PHP's mysqli_query() does not; mysqli_multi_query() does), and the attacker must guess the table name correctly. Note also that MySQL only treats -- as a comment when it is followed by whitespace. Injection that alters the WHERE clause of the login query, for example to bypass the password check, needs neither stacked statements nor knowledge of the schema, so the absence of multi-statement support does not make the flaw safe.

Original References

1. CVE-2022-3955 - NIST National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2022-3955
2. VDB-213461 - VulDB Vulnerability Details, https://vuldb.com/?id.213461

To protect against this critical vulnerability, Tholum CRM42 users should:

1. Update the software to a fixed version if the vendor has released one; the public advisory itself does not identify a patched release, so check with the vendor.
2. Implement allow-list input validation for all user input, accepting only the characters and data types a field legitimately needs (for a user name, typically a short alphanumeric string). This is defence in depth, not a fix on its own.
3. Use parameterized SQL statements (prepared statements with bound parameters), which remove this class of injection from every query they are applied to because user input is never parsed as SQL.
4. Monitor application logs and web application firewall (WAF) logs for signs of attempted SQL injection against the login endpoint, such as quote characters, comment markers, or SQL keywords in the 'user_name' field, and block the source of suspicious activity.

Conclusion

CVE-2022-3955 poses a significant risk to Tholum CRM42 users: an attacker can remotely exploit the login component to gain unauthorized access and potentially cause severe data loss or theft. Mitigation should not wait, and should include updating the software, moving the affected query to parameterized statements, validating user input, and monitoring for attempted attacks.

Timeline

Published on: 11/11/2022 16:15:00 UTC
Last modified on: 11/16/2022 15:43:00 UTC