CVE-2022-29664 – CVE-2022-29664 is a SQL injection vulnerability... (How to Fix)

Q: What is the severity of CVE-2022-29664?

CVE-2022-29664 has a CVSS score of 8.8 (HIGH). CVE-2022-29664 is a SQL injection vulnerability in CSCMS Music Portal System v4.2 that allows attackers to execute arbitrary SQL commands via the id parameter in the admin panel. This affects all installations running the vulnerable version, potentially compromising the entire database and system.

📋 TL;DR

CVE-2022-29664 is a SQL injection vulnerability in CSCMS Music Portal System v4.2 that allows attackers to execute arbitrary SQL commands via the id parameter in the admin panel. This affects all installations running the vulnerable version, potentially compromising the entire database and system.

💻 Affected Systems

Products:

CSCMS Music Portal System

Versions: v4.2

Operating Systems: All platforms running PHP

Default Config Vulnerable: ⚠️ Yes

Notes: Requires admin authentication to access the vulnerable endpoint.

📦 What is this software?

Cscms Music Portal System by Chshcms

View all CVEs affecting Cscms Music Portal System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, and full system takeover.

🟠

Likely Case

Unauthorized data access, modification, or deletion of database contents.

🟢

If Mitigated

Limited impact if proper input validation and WAF rules are in place.

🌐 Internet-Facing: HIGH - Admin panel accessible over internet exposes SQL injection to remote attackers.

🏢 Internal Only: MEDIUM - Internal attackers with admin access could exploit, but requires authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires admin credentials but SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.3 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/23

Restart Required: No

Instructions:

1. Backup database and files. 2. Download latest version from official repository. 3. Replace vulnerable files with patched version. 4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add parameter validation to sanitize id parameter before SQL execution

Modify /admin.php/pic/admin/type/pl_save to validate id parameter as integer

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns

Add WAF rule: deny requests containing SQL keywords in id parameter

🧯 If You Can't Patch

Restrict admin panel access to trusted IP addresses only
Implement database user with minimal privileges for application

🔍 How to Verify

Check if Vulnerable:

Check if running CSCMS v4.2 and test id parameter with SQL injection payloads

Check Version:

Check version in system configuration or admin panel

Verify Fix Applied:

Test patched version with same SQL injection attempts - should return errors or no data

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts to admin panel

Network Indicators:

SQL keywords in HTTP POST parameters to admin.php

SIEM Query:

source="web_logs" AND uri="/admin.php/pic/admin/type/pl_save" AND (param="id" AND value CONTAINS "' OR ")

📊 Metadata

CVE ID: CVE-2022-29664

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: May 26, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/chshcms/cscms/issues/23#issue-1207644525 Exploit,Issue Tracking,Third Party Advisory
https://github.com/chshcms/cscms/issues/23#issue-1207644525 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-29664, you might also want to check these: