CVE-2022-26645

9.8 CRITICAL

📋 TL;DR

This critical vulnerability in Online Banking System Protect v1.0 allows attackers to upload malicious PHP files through the image upload function, leading to remote code execution. Any organization using this vulnerable version is at risk of complete system compromise.

💻 Affected Systems

Products:
  • Online Banking System Protect
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of v1.0 with the upload image feature enabled.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover, data theft, ransomware deployment, and lateral movement across the network.

🟠 Likely Case

Web server compromise leading to data exfiltration, credential harvesting, and installation of backdoors.

🟢 If Mitigated

Limited impact with proper file upload restrictions and web application firewalls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple file upload bypass with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://online.com

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing strict workarounds.

🔧 Temporary Workarounds

Restrict File Upload Types

all

Configure the web server to accept only image file extensions, and validate file content.

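# In .htaccess for Apache (sets the MIME type served for these extensions; it does not block uploads by itself):
AddType image/jpeg .jpg .jpeg
# In nginx config (as written this denies every .php request; scope the location to the upload directory):
location ~ \.php$ { deny all; }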
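
The "validate file content" half of this workaround, as an added example that is not code from Online Banking System Protect. The function name `check_image`, the form field `image`, the size limit and the storage path are assumptions; the sample files are constructed.

```php
<?php
// Added example (assumed names and limits): allowlist + content check for uploads.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Returns a server-chosen storage name for an accepted image, or null if rejected.
 * $path is the temporary file; $clientName is the filename the browser sent.
 */
function check_image(string $path, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                        // extension is not on the allowlist
    }
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;                        // unreadable, empty or oversized
    }
    // Detect the type from the bytes; never trust $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED[$ext]) {
        return null;                        // content does not match the extension
    }
    if (@getimagesize($path) === false) {
        return null;                        // does not parse as an image
    }
    // The client's filename never reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// In the upload handler (hypothetical field name and directory outside the web root):
//   $f = $_FILES['image'];
//   if ($f['error'] === UPLOAD_ERR_OK && is_uploaded_file($f['tmp_name'])
//       && ($name = check_image($f['tmp_name'], $f['name'])) !== null) {
//       move_uploaded_file($f['tmp_name'], '/srv/bank-uploads/' . $name);
//   }

// Constructed samples: PHP source, and a valid 1x1 PNG.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'x'; ?>");
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
foreach ([[$php, 'avatar.php'], [$php, 'avatar.jpg'], [$png, 'avatar.png']] as [$p, $n]) {
    echo $n, ': ', check_image($p, $n) === null ? 'rejected' : 'accepted', PHP_EOL;
}
unlink($php);
unlink($png);
```

Content checks complement the web server rule above rather than replace it: the upload directory should still be one where PHP is never executed.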

Disable Upload Feature

all

Temporarily disable the image upload functionality until a permanent fix is available.

# Comment out or remove upload form elements and PHP handling code

🧯 If You Can't Patch

  • Deploy a web application firewall with file upload filtering rules
  • Isolate the vulnerable system in a DMZ with strict network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if Online Banking System Protect v1.0 is installed and has active upload functionality.

Check Version:

# Check version in application files or database configuration

Verify Fix Applied:

Test upload functionality with PHP files to confirm they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • PHP file upload attempts in web server logs
  • Unusual POST requests to upload endpoints

Network Indicators:

  • File uploads with PHP extensions
  • Suspicious outbound connections post-upload

SIEM Query:

source="web.log" AND (url="*upload*" OR method="POST") AND (extension=".php" OR content_type="application/x-php")
