Login Sign Up

CVE-2022-24226

7.5 HIGH
SQL Injection

📋 TL;DR

Hospital Management System v4.0 contains a blind SQL injection vulnerability in the register function (func2.php) that allows attackers to execute arbitrary SQL commands without seeing the results directly. This affects all users running the vulnerable version of the software. Attackers could potentially extract sensitive data, modify database contents, or gain unauthorized access.

💻 Affected Systems

Products:
  • Hospital Management System
Versions: v4.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation via the register function in func2.php.

📦 What is this software?

Hospital Management System by Phpgurukul

View all CVEs affecting Hospital Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to theft of sensitive patient data, medical records, financial information, and potential system takeover.

🟠

Likely Case

Data exfiltration of patient records, user credentials, and system configuration information through blind SQL injection techniques.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires sending specially crafted requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for official vendor patch or updated version. 2. If unavailable, implement parameterized queries in func2.php. 3. Add input validation for all user inputs in register function. 4. Test thoroughly before deployment.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF with SQL injection protection rules to block malicious requests.

Input Validation Filter

all

Implement server-side input validation to reject SQL injection patterns.

🧯 If You Can't Patch

  • Isolate the vulnerable system from internet access and restrict to internal network only.
  • Implement strict network segmentation and monitor all traffic to/from the vulnerable endpoint.

🔍 How to Verify

Check if Vulnerable:

Send a crafted SQL injection payload to the register endpoint in func2.php and observe time-based or boolean-based responses.

Check Version:

Check the software version in the admin panel or configuration files.

Verify Fix Applied:

Test the same SQL injection payloads after remediation; they should be rejected or produce error messages without executing SQL.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login/registration attempts with SQL-like patterns
  • Long response times from func2.php endpoint

Network Indicators:

  • HTTP requests to func2.php containing SQL keywords (SELECT, UNION, etc.)
  • Unusual traffic patterns to registration endpoints

SIEM Query:

source="web_logs" AND (uri="*func2.php*" AND (content="*SELECT*" OR content="*UNION*" OR content="*OR 1=1*"))

📊 Metadata

CVE ID: CVE-2022-24226
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-89
Published: February 15, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24226, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)