CVE-2022-29662

7.2 HIGH

📋 TL;DR

CVE-2022-29662 is a SQL injection vulnerability in CSCMS Music Portal System v4.2 that allows attackers to execute arbitrary SQL commands via the id parameter in the admin news save function. This affects all installations of CSCMS v4.2 with the vulnerable admin endpoint accessible. Attackers could potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • CSCMS Music Portal System
Versions: v4.2
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin.php endpoint to be accessible. Default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, or full system takeover via SQL injection to RCE chain.

🟠 Likely Case

Unauthorized access to sensitive data in the database, including user credentials, personal information, and administrative data.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin interface. SQL injection via id parameter is straightforward for attackers with access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.3 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/17

Restart Required: No

Instructions:

1. Back up your database and application files.
2. Download the latest version from the official repository.
3. Replace vulnerable files with patched versions.
4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Add input validation to sanitize the id parameter before processing

Modify /admin.php/news/admin/news/save to validate id parameter as integer

Access Restriction

Platform: all

Restrict access to admin.php endpoint to trusted IP addresses only

Add IP whitelisting in .htaccess or web server configuration for /admin.php

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection protection rules
  • Disable or restrict access to the /admin.php/news/admin/news/save endpoint

🔍 How to Verify

Check if Vulnerable:

Test the /admin.php/news/admin/news/save endpoint with SQL injection payloads in the id parameter

Check Version:

Check version in application configuration files or admin panel

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and parameterized queries are used

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin interface
  • Suspicious parameter values in web server logs

Network Indicators:

  • SQL injection patterns in HTTP requests to /admin.php
  • Unusual database connection patterns from web server

SIEM Query:

source="web_server" AND uri="/admin.php/news/admin/news/save" AND (param="id" AND value MATCH "[';]|UNION|SELECT")
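
The SIEM query above, worked as an added example (not code from CSCMS or from this advisory's source): a Python scan of access-log lines for the save endpoint that flags any non-integer id, not only the SQL tokens the query lists. It assumes the id value is visible in the logged request target; the log format, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory.
SAVE_PATH = "/admin.php/news/admin/news/save"
# Assumed log shape: common/combined access log with the request line in quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Same tokens the page's SIEM query matches, made case-insensitive.
SQL_TOKENS = re.compile(r"[';]|\bunion\b|\bselect\b", re.IGNORECASE)

def classify_id(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if SQL_TOKENS.search(value):
        return "sql-token"
    return "non-integer"

def scan(lines):
    """Return (ip, id_value, reason) for suspicious requests to the save endpoint."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log request line
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != SAVE_PATH:
            continue
        # parse_qs percent-decodes values, so %27 and + are normalised before matching.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(value)
            if reason:
                findings.append((m.group("ip"), value, reason))
    return findings

# Constructed sample lines (not from a real system); IPs are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /admin.php/news/admin/news/save?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /admin.php/news/admin/news/save?id=12%27%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "POST /admin.php/news/admin/news/save?id=1+or+1=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /admin.php/news/admin/news/index?id=abc HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, value, reason in scan(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{value!r}")
```

The third sample line contains none of the query's tokens and is caught only by the integer check, which is why alerting on any non-integer id is the stricter rule for this endpoint.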
