CVE-2022-27104

9.8 CRITICAL

📋 TL;DR

CVE-2022-27104 is an unauthenticated blind SQL injection vulnerability in Forma LMS: an attacker who can reach the application can execute arbitrary SQL queries without logging in. All Forma LMS installations prior to version 1.4.3 are affected, potentially exposing sensitive database contents.

💻 Affected Systems

Products:
  • Forma LMS
Versions: All versions prior to 1.4.3
Operating Systems: All operating systems running Forma LMS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including user credentials, personal data, and administrative access, leading to full system takeover.

🟠 Likely Case: Exfiltration of sensitive data, theft of user credentials, and potential privilege escalation.

🟢 If Mitigated: Limited information disclosure, provided database permissions are properly restricted and input validation is enforced.

🌐 Internet-Facing: HIGH - Because no authentication is required, internet-facing instances are highly exposed to automated attacks.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable, but an attacker needs network access first, which reduces exposure to external attackers.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Time-based blind SQL injection requires automated tools but is well-documented and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.3 and later

Vendor Advisory: https://www.formalms.org/download.html

Restart Required: No

Instructions:

1. Back up your Forma LMS installation and database.
2. Download Forma LMS version 1.4.3 or later from the official website.
3. Replace all files with the new version.
4. Run any database update scripts, if provided.
5. Verify that the installation works correctly.

🔧 Temporary Workarounds

Web Application Firewall (WAF) (applies to: all)

Implement WAF rules to block SQL injection patterns targeting Forma LMS endpoints.

Network Segmentation (applies to: all)

Restrict access to Forma LMS to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in custom code
  • Deploy a web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Forma LMS version in the admin panel or by examining the installation files. Versions below 1.4.3 are vulnerable.

Check Version:

Check the admin panel, or examine forma_lms_version.txt in the installation directory.

Verify Fix Applied:

Confirm that the version shown in the admin panel is 1.4.3 or higher, and confirm that SQL injection test requests are handled with proper error responses rather than altered query behaviour.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns
  • Multiple failed login attempts with SQL-like payloads
  • Long response times indicating time-based injection

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.) to Forma LMS endpoints
  • Unusual traffic patterns to database ports from web server

SIEM Query:

source="web_logs" AND (url="*forma*" OR url="*lms*") AND (message="*SELECT*" OR message="*UNION*" OR message="*SLEEP*")
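As an added example (not part of the original advisory), the script below applies the log indicators above to constructed web-server access-log lines: it URL-decodes each request, flags the same SQL keywords the SIEM query lists, and flags responses above a time threshold, which is how a time-based blind injection shows up in web logs. The log format, paths, parameters and threshold are assumptions, not Forma LMS specifics.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined format, request time in ms
# appended as the last field). Paths and parameters are hypothetical.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Apr/2022:10:15:01 +0000] "GET /forma/index.php?id=12 HTTP/1.1" 200 5120 210
203.0.113.10 - - [12/Apr/2022:10:15:07 +0000] "GET /forma/index.php?id=12%20AND%20SLEEP(5) HTTP/1.1" 200 5120 5230
203.0.113.10 - - [12/Apr/2022:10:16:09 +0000] "GET /forma/index.php?id=12%20UNION%20SELECT%201 HTTP/1.1" 500 120 190
198.51.100.7 - - [12/Apr/2022:10:17:00 +0000] "GET /forma/report.php?q=1 HTTP/1.1" 200 8000 6100
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
                    r'\d{3} \S+ (?P<ms>\d+)$')
# Same keywords as the SIEM query, matched as whole words after URL-decoding
# so percent-encoded spaces and mixed case do not hide them.
SQL_KEYWORDS = re.compile(r'\b(select|union|sleep)\b', re.IGNORECASE)
SLOW_MS = 3000  # response time at or above this suggests a time-based probe

def parse_line(line):
    """Return {ip, url, decoded_url, ms} for one line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ip": m["ip"], "url": m["url"],
            "decoded_url": unquote_plus(m["url"]), "ms": int(m["ms"])}

def classify(entry):
    """Return the indicator names that fire for one parsed entry."""
    reasons = []
    if SQL_KEYWORDS.search(entry["decoded_url"]):
        reasons.append("sql_keyword")
    if entry["ms"] >= SLOW_MS:
        reasons.append("slow_response")
    return reasons

def scan_log(text, path_markers=("forma", "lms")):
    """Flag Forma LMS requests (URL contains a marker, like the SIEM url filter) with indicators."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or not any(p in entry["url"].lower() for p in path_markers):
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({"ip": entry["ip"], "url": entry["decoded_url"],
                             "reasons": reasons})
    return findings
```

A slow response with no keyword hit (the report.php line) is ambiguous on its own, since reports can legitimately be slow; correlate it with keyword hits from the same source before escalating. Tune the keyword list if the application uses parameter names such as "select" that would match as false positives.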
