CVE-2022-29676

7.2 HIGH

📋 TL;DR

CVE-2022-29676 is a SQL injection vulnerability in CSCMS Music Portal System v4.2 that allows attackers to execute arbitrary SQL commands via the id parameter in the admin interface. This affects all installations running the vulnerable version, potentially compromising the database and system integrity.

💻 Affected Systems

Products:
  • CSCMS Music Portal System
Versions: v4.2
Operating Systems: Any OS running PHP and MySQL/MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin.php endpoint to be accessible and the specific path to be reachable. Default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized data access, modification, or deletion of database records, potentially affecting user data and system configuration.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making it directly exploitable from the internet.
🏢 Internal Only: MEDIUM - While still vulnerable, internal-only deployments have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin interface path. SQL injection is well-documented and easily weaponized with automated tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.3 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/24

Restart Required: No

Instructions:

1. Download latest version from official repository.
2. Backup current installation.
3. Replace vulnerable files with patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize the id parameter before processing

Modify /admin.php/pic/admin/lists/zhuan to validate id parameter as integer

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

Configure WAF to block SQL injection patterns at /admin.php/pic/admin/lists/zhuan

🧯 If You Can't Patch

  • Restrict access to /admin.php path using network ACLs or authentication
  • Implement database-level protections: use least privilege accounts, enable query logging

🔍 How to Verify

Check if Vulnerable:

Test the /admin.php/pic/admin/lists/zhuan endpoint with SQL injection payloads in id parameter

Check Version:

Check CSCMS version in system configuration or admin panel

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and input is properly validated

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin interface
  • Unexpected parameter values in web server logs

Network Indicators:

  • SQL keywords in HTTP requests to vulnerable endpoint
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND uri="/admin.php/pic/admin/lists/zhuan" AND (param="id" AND value MATCH "[';]|UNION|SELECT")
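
The keyword match above misses anything that avoids those exact tokens. The added example below (not part of the advisory or of CSCMS) takes the stricter approach implied by the integer-validation workaround: it flags any request to the endpoint whose id is not a plain integer. It assumes combined-format access logs and that id arrives in the query string; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path named in the advisory. Assumption: id is sent in the query string,
# so it is visible in the web server access log.
ENDPOINT = "/admin.php/pic/admin/lists/zhuan"
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Allow-list: a legitimate id is a short run of ASCII digits.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_ids(log_lines):
    """Return (line_number, decoded_id) for endpoint requests with a non-integer id."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen as-is.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("id", []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '203.0.113.5 - - [10/May/2022:10:00:01 +0000] "GET /admin.php/pic/admin/lists/zhuan?id=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/May/2022:10:00:07 +0000] "GET /admin.php/pic/admin/lists/zhuan?id=7%27 HTTP/1.1" 500 312',
    '198.51.100.9 - - [10/May/2022:10:00:09 +0000] "GET /admin.php/pic/admin/lists/zhuan?id=3%20UNION%20SELECT%201 HTTP/1.1" 200 4011',
    '203.0.113.5 - - [10/May/2022:10:01:30 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_ids(SAMPLE):
        print(f"line {number}: non-integer id {value!r}")
```

If the application accepts id in a POST body, the access log will not contain it and the same check has to run on WAF or application-level request logs instead.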
