CVE-2022-29669

8.8 HIGH

📋 TL;DR

CVE-2022-29669 is a SQL injection vulnerability in CSCMS Music Portal System v4.2 that allows attackers to execute arbitrary SQL commands via the id parameter in the admin news management interface. This affects all installations of CSCMS v4.2 with the vulnerable admin.php/news/admin/lists/zhuan endpoint accessible.

💻 Affected Systems

Products:
  • CSCMS Music Portal System
Versions: v4.2
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access, but SQL injection can bypass authentication if combined with other vulnerabilities.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, modification, or deletion; potential authentication bypass and full system takeover.

🟠 Likely Case: Unauthorized data access, privilege escalation, and potential backdoor installation in the database.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to specific tables.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making it exploitable remotely.
🏢 Internal Only: MEDIUM - Requires admin panel access, but could be exploited by malicious insiders or through other vulnerabilities.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via id parameter is straightforward; proof-of-concept exists in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.3 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/20

Restart Required: No

Instructions:

1. Backup database and files.
2. Download latest version from official repository.
3. Replace affected files.
4. Verify parameter sanitization in /admin.php/news/admin/lists/zhuan.

🔧 Temporary Workarounds

Input Validation Filter

all

Add parameter validation to reject non-numeric id values

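Modify the handler behind /admin.php/news/admin/lists/zhuan to validate the id parameter with is_numeric(), or pass it to the database through a prepared statement so it is never concatenated into the query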

Access Restriction

all

Restrict access to admin panel via IP whitelisting or additional authentication

Add .htaccess rules or firewall rules to limit admin.php access

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Disable or restrict access to /admin.php/news/admin/lists/zhuan endpoint

🔍 How to Verify

Check if Vulnerable:

Test id parameter with SQL injection payloads like ' OR '1'='1 at /admin.php/news/admin/lists/zhuan

Check Version:

Check CSCMS version in system configuration or footer

Verify Fix Applied:

Verify parameter sanitization and test with same payloads; check for proper error handling

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by admin.php access
  • Suspicious id parameter values in web server logs

Network Indicators:

  • HTTP requests to /admin.php/news/admin/lists/zhuan with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/admin.php/news/admin/lists/zhuan" AND (param="id" AND value MATCHES "('|\"|OR|AND|SELECT|UNION)")
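
An added example (not from the advisory or the CSCMS project) of the log check above: it flags requests to the endpoint whose id is not a plain integer, which is the allowlist counterpart of the keyword match in the SIEM query. It assumes combined-format access logs and an id carried in the query string; an id sent in a POST body does not appear in access logs and needs request-body logging or WAF logs instead.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/admin.php/news/admin/lists/zhuan"
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Matches id, id[] and id[0] style parameter names.
ID_KEY_RE = re.compile(r"id(\[\w*\])?")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2022:10:01:02 +0000] '
    '"GET /admin.php/news/admin/lists/zhuan?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2022:10:01:09 +0000] '
    '"GET /admin.php/news/admin/lists/zhuan?id=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211',
    '198.51.100.4 - - [10/May/2022:10:02:30 +0000] '
    '"POST /admin.php/news/admin/lists/zhuan HTTP/1.1" 200 5120',   # body not logged
    '198.51.100.4 - - [10/May/2022:10:03:00 +0000] '
    '"GET /index.php/news?id=abc HTTP/1.1" 200 100',                # other endpoint
]

def suspicious_ids(log_line):
    """Return decoded id values sent to ENDPOINT that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.rstrip("/") != ENDPOINT:
        return []
    hits = []
    # parse_qsl percent-decodes keys and values, so encoded quotes are caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if ID_KEY_RE.fullmatch(key) and not re.fullmatch(r"\d+", value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, values) for every line with a non-numeric id."""
    findings = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_ids(line)
        if values:
            findings.append((number, values))
    return findings

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric id value(s): {values}")
```

Because the check rejects anything that is not digits, it also catches encodings and keywords that a fixed keyword list would miss.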
