CVE-2022-29600

9.8 CRITICAL

📋 TL;DR

CVE-2022-29600 is a SQL injection vulnerability in the oelib extension for TYPO3 CMS. It allows attackers to execute arbitrary SQL commands through crafted inputs, potentially compromising database integrity and confidentiality. All TYPO3 installations using affected versions of the oelib extension are vulnerable.

💻 Affected Systems

Products:
  • TYPO3 CMS with oelib extension
Versions: oelib extension versions through 4.1.5
Operating Systems: All platforms running TYPO3
Default Config Vulnerable: ⚠️ Yes
Notes: Requires TYPO3 installation with oelib extension enabled. The vulnerability is in the extension itself, not core TYPO3.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data manipulation, or full system takeover via subsequent attacks.

🟠 Likely Case: Unauthorized data access, modification, or deletion from the TYPO3 database.

🟢 If Mitigated: Limited impact with proper input validation and database permissions in place.

🌐 Internet-Facing: HIGH - TYPO3 is typically internet-facing and vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal systems could be exploited by authenticated users or via other attack vectors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited. The advisory provides technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: oelib extension version 4.1.6 or later

Vendor Advisory: https://typo3.org/security/advisory/typo3-ext-sa-2022-007

Restart Required: No

Instructions:

1. Update the oelib extension to version 4.1.6 or later via the TYPO3 Extension Manager, or with Composer on Composer-managed installations.
2. Clear all caches in the TYPO3 backend.
3. Test the functionality of sites that use oelib features.

🔧 Temporary Workarounds

Disable oelib extension (platform: all)

Temporarily disable the vulnerable extension until patching is possible; extensions that depend on oelib will be unavailable while it is deactivated. With TYPO3 Console:

typo3cms extension:deactivate oelib

Implement WAF rules (platform: all)

Add SQL injection detection rules to the web application firewall.

🧯 If You Can't Patch

  • Restrict database user permissions to minimum required operations
  • Implement network segmentation to isolate TYPO3 database from other systems

🔍 How to Verify

Check if Vulnerable:

Check the installed oelib extension version in the TYPO3 Extension Manager, or on Composer-managed installations run composer show oelib/oelib.

Check Version:

composer show oelib/oelib | grep version

Verify Fix Applied:

Confirm that the installed oelib extension version is 4.1.6 or higher, and verify that SQL injection attempts against oelib-driven pages are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or parameter manipulation in web logs

Network Indicators:

  • SQL syntax in HTTP parameters
  • Unusual database connection patterns

SIEM Query:

web_logs WHERE (url CONTAINS "' OR" OR url CONTAINS "' UNION" OR url CONTAINS "' SELECT") AND url CONTAINS "oelib"
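The SIEM query above matches raw substrings, so it misses requests where the quote and keyword arrive URL-encoded or in mixed case. The following Python is added here as an illustration (it is not part of this advisory or of the oelib project) and applies the same three indicators after URL-decoding and case-folding, run over constructed sample log lines; the combined log format and the parameter name oelib are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Indicator fragments taken from the SIEM query above; compared after URL
# decoding and lower-casing so that "%27%20or" is treated the same as "' OR".
SQLI_FRAGMENTS = ("' or", "' union", "' select")

# Constructed sample web-server log lines (combined log format); not real traffic.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/May/2022:12:00:01 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/May/2022:12:00:02 +0000] "GET /index.php?oelib=1%27%20OR%201%3D1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/May/2022:12:00:03 +0000] "GET /index.php?oelib=1%27+uNiOn+select HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/May/2022:12:00:04 +0000] "GET /index.php?search=%27+OR+1 HTTP/1.1" 200 900',
]

# Extracts the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/')


def request_path(line):
    """Return the request target from a combined-format log line, or None."""
    m = REQUEST_RE.search(line)
    return m.group(1) if m else None


def is_suspicious(line):
    """True if the request targets oelib and carries one of the SQLi fragments.

    A single decode pass mirrors what the web server hands to TYPO3; the
    'oelib' condition keeps the scope identical to the SIEM query above.
    """
    path = request_path(line)
    if path is None:
        return False
    decoded = unquote_plus(path).lower()
    return "oelib" in decoded and any(frag in decoded for frag in SQLI_FRAGMENTS)


def scan(lines):
    """Return the log lines that match the indicators."""
    return [line for line in lines if is_suspicious(line)]


def hits_by_client(lines):
    """Count matching requests per source address, for alert thresholds."""
    counts = {}
    for line in scan(lines):
        ip = line.split(" ", 1)[0]
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print("SUSPECT:", hit)
    print(hits_by_client(SAMPLE_LOGS))
```

On the sample lines, the two oelib requests are flagged even though the raw SIEM query would match neither, while the encoded quote on the unrelated search parameter is left alone because the query's oelib condition is preserved.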
