CVE-2022-21666

7.2 HIGH

📋 TL;DR

SQL injection in USOC (Useful Simple Open-Source CMS): input to the admin user search (usersearch.php) is passed to the database without sanitization, so anyone holding an administrator session can run arbitrary SQL against the CMS database. Exploitation requires administrative privileges, but it can expose or modify the entire database, including data the admin UI never shows. Fixed in version Pb2.4Bfx3; all earlier versions are affected.

💻 Affected Systems

Products:
  • Useful Simple Open-Source CMS (USOC)
Versions: All versions prior to Pb2.4Bfx3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable by users with administrative privileges. Requires access to admin interface.

📦 What is this software?

USOC (Useful Simple Open-Source CMS) is a PHP-based web content management system published by Aaron Junker on GitHub (Aaron-Junker/USOC). The vulnerable code sits in the administrative interface (admin/pages/), so only installs whose admin pages are reachable by an attacker with admin credentials are exposed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who holds or steals an administrator account (phishing, credential reuse, session hijack) uses the search field to read or rewrite the entire CMS database: exfiltration of all user records and password hashes, silent modification of content or accounts, and, depending on database privileges, a foothold for further compromise of the host.

🟠

Likely Case

A rogue or compromised administrator reads data the admin UI does not expose (other users' password hashes, configuration values) or modifies user accounts and content directly in the database, bypassing the CMS's own validation and audit trail.

🟢

If Mitigated

Limited impact because an admin session is required, but any compromise of admin credentials turns directly into a database breach, so the admin-only requirement is a mitigation, not a guarantee.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires administrative credentials (or a hijacked admin session). The injection point is the search parameter of usersearch.php; the payload is ordinary SQL placed in a request parameter, so no special tooling is needed once an admin session exists.
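The injection class described above, shown as an added example. This is not USOC's code (its real usersearch.php query and schema are not on this page); it assumes a hypothetical users table in an SQLite backend and contrasts a search that splices the term into the SQL text with the same search using a bound parameter. The payloads are constructed for the demo.

```python
import sqlite3

# Constructed sample rows standing in for a CMS users table (not USOC's schema).
SAMPLE_USERS = [
    ("alice", "alice@example.org", "admin"),
    ("bob", "bob@example.org", "editor"),
    ("carol", "carol@example.org", "subscriber"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def search_users_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Hypothetical vulnerable pattern: the search term is spliced into the SQL text.

    Whatever the caller types becomes part of the statement, so a quote ends the
    LIKE literal and the rest of the input is executed as SQL.
    """
    sql = ("SELECT username, email, role FROM users "
           "WHERE username LIKE '%" + term + "%'")
    return conn.execute(sql).fetchall()


def search_users_fixed(conn: sqlite3.Connection, term: str) -> list:
    """Same search with a bound parameter: the term can only ever be data."""
    sql = "SELECT username, email, role FROM users WHERE username LIKE ?"
    # LIKE wildcards (% and _) inside the term still act as wildcards; add an
    # ESCAPE clause and escape them if exact substring matching is required.
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Constructed payloads an administrator could type into the search box.
TAUTOLOGY = "x%' OR 1=1 --"                                            # returns every user row
UNION_DUMP = "x%' UNION SELECT name, sql, type FROM sqlite_master --"  # discloses the schema


def demo() -> dict:
    """Run benign and malicious searches through both variants and collect the rows."""
    conn = build_db()
    return {
        "vuln_benign": search_users_vulnerable(conn, "ali"),
        "vuln_tautology": search_users_vulnerable(conn, TAUTOLOGY),
        "vuln_union": search_users_vulnerable(conn, UNION_DUMP),
        "fixed_benign": search_users_fixed(conn, "ali"),
        "fixed_tautology": search_users_fixed(conn, TAUTOLOGY),
        "fixed_union": search_users_fixed(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

The tautology payload closes the LIKE literal, appends `OR 1=1` and comments out the trailing `%'`, so the vulnerable variant returns all three users; the UNION payload pulls rows from a table the search was never meant to touch. With the bound parameter both payloads are just unusual search strings that match nothing.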

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Pb2.4Bfx3

Vendor Advisory: https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx

Restart Required: No

Instructions:

1. Upgrade to USOC version Pb2.4Bfx3 or later.
2. Alternatively, replace only the vulnerable file with the version shipped in the Pb2.4Bfx3 release. Note that this page names the vulnerable script as usersearch.php in the summary and as admin/pages/useredit.php here; confirm the exact file(s) changed in the vendor advisory before relying on a single-file replacement.

🔧 Temporary Workarounds

File Replacement Workaround

Platform: linux

Replace the vulnerable useredit.php with the patched version without a full upgrade. Back up the existing file first, and be aware that wget -O truncates the destination even when the download fails (for example if the tag or path does not exist), so download to a temporary path and move it into place only after checking the content. Confirm the path against the advisory, since this page names both usersearch.php and useredit.php as the vulnerable script.

wget https://raw.githubusercontent.com/Aaron-Junker/USOC/Pb2.4Bfx3/admin/pages/useredit.php -O /path/to/usoc/admin/pages/useredit.php

Access Restriction

Platform: all

Restrict access to admin interface to trusted IP addresses only

🧯 If You Can't Patch

  • Implement strict network segmentation so the USOC admin interface is reachable only from trusted networks or through a VPN
  • Enforce strong authentication for admin accounts, keep the number of administrators minimal, and monitor admin account activity (logins and requests to admin/pages/)

🔍 How to Verify

Check if Vulnerable:

Check the USOC version in the admin panel; anything earlier than Pb2.4Bfx3 is affected. File modification dates are not reliable evidence (copying or extracting the install resets them); compare the file content or hash against the Pb2.4Bfx3 release instead.

Check Version:

Check USOC version in admin dashboard or examine version files in installation directory

Verify Fix Applied:

Verify file hash of admin/pages/useredit.php matches the fixed version from Pb2.4Bfx3 release.

📡 Detection & Monitoring

Log Indicators:

  • Tautologies (OR 1=1), UNION SELECT, or comment sequences (--, /*) in statements recorded by the database query log
  • Multiple failed login attempts to the admin interface, as credential attacks are the usual route to the admin session this bug requires
  • Quote characters, UNION SELECT, or comment sequences in the search parameter of usersearch.php requests

Network Indicators:

  • SQL injection patterns in HTTP requests to usersearch.php
  • Unusual database connection patterns from web server

SIEM Query:

web.url:*usersearch.php* AND (web.param:*'* OR web.param:*UNION?SELECT* OR web.param:*--*)

(Pseudo-syntax; adapt to your SIEM. Match on URL-decoded parameter values and anchor on a quote, a comment sequence, or UNION SELECT rather than bare OR or SELECT tokens, which also match ordinary names such as "victor".)
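Detection logic for the indicators above, run over constructed access-log lines, as an added example that is not part of the original page or of USOC. It assumes combined-format web server logs, URL-decodes the query string and flags only requests to the admin search script whose decoded parameter values carry injection syntax, rather than any value containing OR or SELECT. The watched script names are the two this page mentions (usersearch.php and useredit.php); the request paths and log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real USOC traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2022:10:01:02 +0000] "GET /admin/pages/usersearch.php?q=victor HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Jan/2022:10:01:40 +0000] "GET /admin/pages/usersearch.php?q=x%25%27%20OR%201%3D1%20-- HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Jan/2022:10:02:11 +0000] "GET /admin/pages/usersearch.php?q=x%27%20UNION%20SELECT%20username%2Cpassword%2C1%20FROM%20users-- HTTP/1.1" 200 9000 "-" "curl/7.79"
10.0.0.7 - - [12/Jan/2022:10:03:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Scripts this page names as the vulnerable component (assumed request paths).
WATCHED_SCRIPTS = ("usersearch.php", "useredit.php")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Injection syntax, applied to URL-decoded values only. A bare "OR" or "SELECT"
# would flag ordinary names such as "victor", so each pattern requires a quote,
# a comparison or a comment sequence alongside the keyword.
SQLI_PATTERNS = [
    re.compile(r"""['"]\s*(or|and)\s+\S+\s*=\s*\S+""", re.I),     # ' OR 1=1
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),              # UNION SELECT
    re.compile(r"""['"].*(--|/\*)"""),                             # quote followed by a comment
    re.compile(r";\s*(drop|insert|update|delete|alter)\b", re.I),  # stacked statement
]


def is_sqli(value: str) -> bool:
    """Return True if a decoded parameter value carries SQL injection syntax."""
    return any(p.search(value) for p in SQLI_PATTERNS)


def scan_log(text: str) -> list:
    """Return one alert per request to a watched script with an injection-like parameter.

    Only GET query strings appear in access logs; POST bodies need a WAF or
    application-level log to inspect.
    """
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(WATCHED_SCRIPTS):
            continue
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                hit = next((p.pattern for p in SQLI_PATTERNS if p.search(value)), None)
                if hit:
                    alerts.append({
                        "ip": m.group("ip"), "time": m.group("ts"),
                        "script": parts.path, "param": name,
                        "value": value, "pattern": hit,
                    })
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['time']} {a['ip']} {a['script']} {a['param']}={a['value']!r}")
```

Run against the sample, the benign search for "victor" is not flagged even though it contains "or", while the tautology and UNION requests are. Decode before matching: the same payloads arrive percent-encoded, so a raw-line match on `' OR` would miss them.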

🔗 References

  • Vendor advisory: https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-21666
