CVE-2022-27412

9.8 CRITICAL

📋 TL;DR

Explore CMS v1.0 contains a SQL injection vulnerability in the page.php endpoint that allows attackers to execute arbitrary SQL commands via the 'id' parameter. This affects all installations of Explore CMS v1.0, potentially compromising the entire database and application. Attackers can exploit this without authentication to steal, modify, or delete data.

💻 Affected Systems

Products:
  • Explore CMS
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Explore CMS v1.0 are vulnerable. The vulnerability exists in the core page.php file.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠

Likely Case

Database information disclosure, credential theft, and potential privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available. The vulnerability requires no authentication and is trivial to exploit with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://exploreit.com.bd

Restart Required: No

Instructions:

No official patch available. Consider migrating to a different CMS or implementing custom fixes with parameterized queries.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add input validation to the 'id' parameter in page.php so that it accepts only numeric values

Modify page.php to include: if(!is_numeric($_GET['id'])) { die('Invalid input'); }
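A worked version of both fixes named above (strict numeric validation of 'id' together with a parameterized query), added here as an example. It is not Explore CMS's own code: the table and column names (pages, id, title, body), the DSN and the credentials are assumptions, and the "original" pattern described in the comments is the generic concatenated-query shape the advisory implies rather than code taken from the product.

```php
<?php
// Added example, not Explore CMS code: a hardened handler for page.php.
// Assumed original pattern (not shown on the page): the 'id' GET parameter
// was concatenated straight into the SQL text of a SELECT.
// Table/column names, DSN and credentials below are assumptions.

declare(strict_types=1);

/**
 * Validate the 'id' parameter: accept only a positive integer.
 * Stricter than is_numeric(), which also accepts "1.5", "1e3" and
 * leading whitespace. Returns the integer, or null if not acceptable.
 */
function validatePageId($raw): ?int
{
    if (!is_string($raw)) {          // rejects a missing value and "id[]=1"
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Fetch a page row with a prepared statement. The id is bound as an
 * integer parameter, so its value can never change the SQL structure.
 */
function fetchPage(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handling: reject anything that is not a positive integer up front.
$id = validatePageId($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid input');
}

$dsn = 'mysql:host=localhost;dbname=explore_cms;charset=utf8mb4'; // assumed
$db  = new PDO($dsn, 'cms_user', 'cms_password', [               // assumed
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

$page = fetchPage($db, $id);
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}

echo '<h1>' . htmlspecialchars($page['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
echo $page['body']; // assumed to be editor-authored HTML stored by the CMS
```

Two points worth keeping in mind when applying this: the is_numeric() check quoted above stops the quote-based payloads, but it still lets values such as "1e3" or "1.5" through to the query, so FILTER_VALIDATE_INT (or an explicit (int) cast) is the safer gate; and with PDO::ERRMODE_EXCEPTION the database error text must not be echoed back to the client, otherwise the "SQL error" signal used in the verification step below remains visible to anyone probing the endpoint.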

Web Application Firewall Rule

Applies to: all

Block SQL injection patterns in requests to page.php

WAF rule: deny requests to /page.php?id=* containing SQL keywords such as UNION, SELECT, INSERT, DELETE or DROP

🧯 If You Can't Patch

  • Isolate the Explore CMS instance behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the web server

🔍 How to Verify

Check if Vulnerable:

Send the request /page.php?id=1' OR '1'='1 and observe whether a SQL error or other unexpected behavior occurs

Check Version:

Check CMS version in admin panel or readme files

Verify Fix Applied:

Repeat the same request after the fix: it should return an error page or a sanitized response, with no SQL error text

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests to page.php with SQL keywords in parameters
  • Database error logs showing SQL syntax errors

Network Indicators:

  • HTTP requests containing SQL injection patterns in GET parameters
  • Unusual database queries originating from web server

SIEM Query:

source="web_logs" AND uri="/page.php" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*' OR '*")
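The indicators above, turned into a small log scanner, as an added example rather than anything shipped with the CMS or the SIEM. It reads Apache combined-format lines (the four lines embedded below are constructed samples, not real traffic), picks out requests to /page.php, and flags a request when its 'id' value is not a plain integer or when the decoded query string carries one of the listed SQL keywords or the quote-OR-quote pattern. The non-integer check is the most useful of the three for this endpoint, because a correctly working page.php never legitimately receives anything but a number.

```php
<?php
// Added example, not part of the advisory or the product: scan web server
// access logs for the page.php indicators listed above.
declare(strict_types=1);

// Constructed sample log (Apache combined format); not real traffic.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Mar/2022:10:01:02 +0000] "GET /page.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2022:10:01:09 +0000] "GET /page.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8840 "-" "curl/7.68.0"
203.0.113.9 - - [10/Mar/2022:10:01:15 +0000] "GET /page.php?id=1+UNION+SELECT+1,2,3 HTTP/1.1" 500 312 "-" "curl/7.68.0"
198.51.100.2 - - [10/Mar/2022:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
LOG;

/**
 * Return an array of [line, reasons[]] for every request to /page.php that
 * matches at least one indicator. Lines for other paths are skipped.
 */
function findSuspiciousPageRequests(string $log): array
{
    $hits = [];
    foreach (explode("\n", trim($log)) as $line) {
        // Request line: "METHOD /page.php?query HTTP/x.y"
        if (!preg_match('#"(?:GET|POST) /page\.php(?:\?([^ "]*))? HTTP/#i', $line, $m)) {
            continue;
        }
        $rawQuery = $m[1] ?? '';
        $decoded  = urldecode($rawQuery);   // one decode, as the server would
        parse_str($rawQuery, $params);      // parse_str decodes on its own
        $id = $params['id'] ?? null;

        $reasons = [];
        if (!is_string($id) || preg_match('/^\d+$/', $id) !== 1) {
            $reasons[] = 'id is not a plain integer';
        }
        if (preg_match('/\b(UNION|SELECT|INSERT|DELETE|DROP)\b/i', $decoded) === 1) {
            $reasons[] = 'SQL keyword in query string';
        }
        if (preg_match("/'\s*OR\s*'/i", $decoded) === 1) {
            $reasons[] = "quote-OR-quote pattern in query string";
        }
        if ($reasons !== []) {
            $hits[] = [$line, $reasons];
        }
    }
    return $hits;
}

// Usage: the second and third sample lines are reported, the others are not.
foreach (findSuspiciousPageRequests(SAMPLE_LOG) as [$line, $reasons]) {
    echo implode('; ', $reasons), "\n    ", $line, "\n";
}
```

Decoding the query string once before matching matters: the SIEM query above looks for literal "UNION" or "' OR '", which a percent-encoded request would not match, whereas the server decodes it before page.php ever sees the value. Sustained hits from one source, or any hit followed by a 500 response or a SQL syntax error in the database log, is the combination the Log Indicators section describes.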

