CVE-2022-27360

9.8 CRITICAL

📋 TL;DR

SpringBlade v3.2.0 and below contains a SQL injection vulnerability in the customSqlSegment component that allows attackers to execute arbitrary SQL commands. This affects all deployments using vulnerable versions of the SpringBlade framework. Successful exploitation could lead to data theft, data manipulation, or complete system compromise.

💻 Affected Systems

Products:
  • SpringBlade
Versions: v3.2.0 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions with the customSqlSegment component are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full database compromise allowing data exfiltration, data destruction, privilege escalation to database administrator, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized data access and extraction of sensitive information from the database, potentially including user credentials, personal data, and business information.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH - Web applications using SpringBlade are typically internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal applications could still be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are well-understood with many available exploitation tools. The specific component vulnerability has been publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.2.1 or later

Vendor Advisory: https://gitee.com/smallc/SpringBlade

Restart Required: Yes

Instructions:

1. Upgrade SpringBlade to version 3.2.1 or later.
2. Review and update all customSqlSegment implementations to use parameterized queries.
3. Restart the application server.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Implement strict input validation to reject SQL special characters in user inputs.

Implement input validation in application code to filter: ', ", ;, --, #, /*, */, union, select, insert, update, delete, drop, create, alter

Treat this filter as a stopgap only: keyword blocklists are routinely bypassed and also reject legitimate input that happens to contain these strings, so the durable fix remains the upgrade and parameterized queries described under Official Fix.

Database Permission Restriction

Applies to: all

Limit database user permissions to the minimum required operations. In the statements below, database and specific_tables are placeholders for the schema and tables the application actually needs.

REVOKE ALL PRIVILEGES ON database.* FROM 'app_user'@'%';
GRANT SELECT, INSERT, UPDATE ON specific_tables TO 'app_user'@'%';

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) with SQL injection rules
  • Isolate the vulnerable system behind additional network segmentation

🔍 How to Verify

Check if Vulnerable:

Check SpringBlade version in pom.xml or application properties. If version is 3.2.0 or below, review UserMapper.xml for vulnerable customSqlSegment implementations.

Check Version:

grep -i 'springblade' pom.xml | grep -i 'version'

Alternatively, check application.properties for springblade.version.

Verify Fix Applied:

Verify SpringBlade version is 3.2.1 or later and review that customSqlSegment uses parameterized queries (#{param}) instead of string concatenation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts with SQL special characters
  • Long or malformed SQL queries from application

Network Indicators:

  • HTTP requests containing SQL keywords in parameters
  • Unusual database connection patterns from application servers

SIEM Query:

source="web_logs" AND ("union" OR "select" OR "insert" OR "' OR '1'='1") AND status=200
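The SIEM query above matches raw substrings, so it misses URL-encoded payloads and fires on harmless words such as "preselection". The following is an added example (not code from the SpringBlade project or this advisory) that applies the same indicators to constructed web-server log lines, URL-decoding the query string and matching whole keywords; the log lines, IPs and paths are made up for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format; none come from a real deployment.
SAMPLE_LOGS = """\
10.0.0.5 - - [12/Apr/2022:10:01:02 +0000] "GET /api/user/list?account=admin&size=10 HTTP/1.1" 200 512
10.0.0.7 - - [12/Apr/2022:10:01:09 +0000] "GET /api/user/list?account=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192
10.0.0.9 - - [12/Apr/2022:10:02:11 +0000] "GET /api/user/list?name=preselection HTTP/1.1" 200 300
10.0.0.9 - - [12/Apr/2022:10:02:30 +0000] "GET /api/user/list?sort=1%20union%20select%20password%20from%20users HTTP/1.1" 500 120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Same keyword set as the SIEM query, but matched as whole words after decoding.
KEYWORDS = re.compile(r"\b(union|select|insert)\b", re.IGNORECASE)
# The "' OR '1'='1" tautology from the SIEM query, tolerant of spacing.
TAUTOLOGY = re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)


def decode_query(path):
    """Return the URL-decoded query string of a request path ('' when absent)."""
    _, _, query = path.partition("?")
    return unquote_plus(query)


def find_sqli_hits(log_text, statuses=("200",)):
    """Return one dict per log line whose decoded query carries an indicator.

    statuses mirrors the SIEM query's status=200 filter; widen it (e.g. to
    include 500) when you also want error responses from failed attempts.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("status") not in statuses:
            continue
        decoded = decode_query(m.group("path"))
        reasons = []
        found = KEYWORDS.findall(decoded)
        if found:
            reasons.append("keyword:" + ",".join(k.lower() for k in found))
        if TAUTOLOGY.search(decoded):
            reasons.append("tautology")
        if reasons:
            hits.append({"ip": m.group("ip"), "status": m.group("status"),
                         "query": decoded, "reasons": reasons})
    return hits
```

With the default status filter only the encoded tautology on line two is reported; widening statuses to include 500 also surfaces the union/select attempt that the application rejected.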

🔗 References
