CVE-2022-29681

7.2 HIGH

📋 TL;DR

CVE-2022-29681 is a blind SQL injection vulnerability in CSCMS Music Portal System v4.2: the id parameter of an admin-panel endpoint is used in a SQL query without validation, allowing an attacker who can reach that endpoint to execute arbitrary SQL commands. Although only administrators can reach the endpoint, a successful attack can compromise the entire database, letting the attacker extract sensitive data, modify database contents, or escalate privileges.

💻 Affected Systems

Products:
  • CSCMS Music Portal System
Versions: v4.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Reaching the /admin.php/Links/del endpoint requires admin access, so the SQL injection is exploitable only by authenticated attackers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation to admin, or full system takeover if the SQL injection is chained into remote code execution.

🟠 Likely Case

Unauthorized data extraction from the database, including user credentials, personal information, or system configuration.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin authentication, but SQL injection techniques are well documented and easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.3 or later

Vendor Advisory: https://github.com/chshcms/cscms/issues/35

Restart Required: No

Instructions:

1. Download the latest version from the official repository.
2. Back up the current installation.
3. Replace the vulnerable files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to sanitize id parameter before processing.

Modify the /admin.php/Links/del handler to validate that id is an integer, using is_numeric() or a similar function.
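The integer-validation workaround above, shown as an added example rather than code from CSCMS or this advisory: a hypothetical delete-link handler in its injectable form beside a hardened one. The PDO connection, the `links` table and the `id` column name are assumptions. is_numeric() is a weaker check than it looks, since it also accepts values such as "1.5" and "1e3", so the hardened version uses FILTER_VALIDATE_INT and then binds the value as an integer parameter instead of splicing it into the SQL text.

```php
<?php
// Added example, not code from CSCMS or the advisory. The PDO handle, the
// `links` table and the `id` column are assumptions made for illustration.
declare(strict_types=1);

// Vulnerable pattern (hypothetical): the raw request value is concatenated
// into the SQL text, so whatever is sent as id becomes part of the statement.
function deleteLinkUnsafe(PDO $pdo, string $rawId): int
{
    $sql = "DELETE FROM links WHERE id = " . $rawId;   // injectable, do not use
    return (int) $pdo->exec($sql);
}

// Strict integer check. is_numeric() also accepts "1.5" and "1e3", so the
// value is validated with FILTER_VALIDATE_INT (optional sign, digits only,
// range-checked) and anything that is not a string or int is rejected outright.
function parseLinkId($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                     // arrays, null and objects are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened handler: validate first, then use a bound parameter so the value
// never reaches the SQL parser as text. Assumes the PDO handle was opened with
// PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION so a failed prepare() throws.
function deleteLinkSafe(PDO $pdo, $rawId): int
{
    $id = parseLinkId($rawId);
    if ($id === null) {
        // Reject and record the attempt. The value is JSON-encoded so that a
        // non-string input cannot break the log line.
        error_log('Links/del: rejected non-integer id ' . json_encode($rawId));
        http_response_code(400);
        return 0;
    }
    $stmt = $pdo->prepare('DELETE FROM links WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Request wiring (assumed: id arrives in the POST body; adapt to the real
// routing). When run from the CLI, exercise the validator on sample values
// instead, so the file can be checked without a database.
if (PHP_SAPI === 'cli') {
    foreach (['12', '+7', '1e3', '1.5', '0', '12abc', ['12'], null] as $sample) {
        printf("%-10s => %s\n", json_encode($sample), var_export(parseLinkId($sample), true));
    }
} else {
    // Placeholder DSN and credentials; replace with the deployment's own.
    $pdo = new PDO('mysql:host=localhost;dbname=CSCMS_DB_PLACEHOLDER', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]);
    echo deleteLinkSafe($pdo, $_POST['id'] ?? null) > 0 ? 'deleted' : 'nothing deleted';
}
```

Disabling PDO::ATTR_EMULATE_PREPARES makes MySQL itself separate the statement from its parameters; with emulation on, PDO still quotes the bound value client-side, which is safe for an integer that has already passed FILTER_VALIDATE_INT, but the server-side form is the one to standardise on.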

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns.

Add a WAF rule that denies requests carrying SQL keywords in the id parameter.

🧯 If You Can't Patch

  • Restrict admin panel access to trusted IP addresses only.
  • Implement database user with minimal privileges for the application.

🔍 How to Verify

Check if Vulnerable:

Test the /admin.php/Links/del endpoint with SQL injection payloads in the id parameter (requires admin credentials).

Check Version:

Check version in system configuration or admin panel.

Verify Fix Applied:

Verify that SQL injection payloads in the id parameter are rejected (an error is returned) rather than executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts to admin panel
  • Requests to /admin.php/Links/del with suspicious parameters

Network Indicators:

  • HTTP POST requests containing SQL keywords like UNION, SELECT, OR

SIEM Query:

source="web_logs" AND uri="/admin.php/Links/del" AND (param="id" AND value MATCHES "(?i)(union|select|or|and)")
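The detection logic of the SIEM query above and of the WAF-rule workaround, as an added example that is not part of the advisory: a PHP scan over constructed access-log lines that isolates requests to /admin.php/Links/del, URL-decodes the id parameter and flags any value that is not a plain positive integer. The advisory's keyword list is matched with word boundaries so that "or" or "and" inside an ordinary word does not fire, and keyword hits are reported as a separate verdict from other malformed values. The combined log format and the sample lines are assumptions.

```php
<?php
// Added example, not from the advisory or CSCMS: scan access-log lines for
// requests to /admin.php/Links/del whose id parameter is not a plain integer.
// The log format (Apache/nginx "combined") and all sample lines are assumed.
declare(strict_types=1);

const TARGET_PATH = '/admin.php/Links/del';

// The advisory's keyword list with word boundaries added, so "or"/"and"
// embedded in ordinary words do not match.
const SQL_KEYWORD_RE = '/\b(union|select|or|and)\b/i';

// Return the URL-decoded id value for a request to the target path, or null
// when the line is not about that endpoint or carries no id.
function extractIdParam(string $logLine): ?string
{
    // The request is the quoted "METHOD PATH PROTO" field of the log line.
    if (!preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return null;
    }
    $url = parse_url($m[1]);
    if (!isset($url['path'], $url['query']) || $url['path'] !== TARGET_PATH) {
        return null;
    }
    parse_str($url['query'], $params);      // parse_str URL-decodes the values
    if (!array_key_exists('id', $params)) {
        return null;
    }
    // id[]=... arrives as an array; flatten it so it is still inspected.
    return is_array($params['id']) ? implode(',', $params['id']) : (string) $params['id'];
}

// For an integer-only parameter the robust signal is "not an integer"; the
// keyword match only distinguishes the obvious SQL fragments from other junk.
function classifyIdValue(string $id): string
{
    if (preg_match('/^[1-9][0-9]*$/', $id)) {
        return 'ok';
    }
    if (preg_match(SQL_KEYWORD_RE, $id)) {
        return 'sqli-keywords';
    }
    return 'non-integer';
}

// Walk the lines and collect every request whose id fails validation.
function scanAccessLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        $id = extractIdParam($line);
        if ($id === null) {
            continue;
        }
        $verdict = classifyIdValue($id);
        if ($verdict !== 'ok') {
            $hits[] = ['line' => $n + 1, 'id' => $id, 'verdict' => $verdict];
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic).
$sample = [
    '10.0.0.5 - - [01/May/2022:10:00:01 +0000] "GET /admin.php/Links/del?id=12 HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/May/2022:10:00:02 +0000] "GET /admin.php/Links/del?id=12%20UNION%20SELECT%201 HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/May/2022:10:00:03 +0000] "GET /admin.php/Links/del?id=12abc HTTP/1.1" 500 0 "-" "curl/7.81.0"',
    '10.0.0.9 - - [01/May/2022:10:00:04 +0000] "GET /index.php?s=orchestra HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];

foreach (scanAccessLog($sample) as $hit) {
    printf("line %d: id=%s -> %s\n", $hit['line'], $hit['id'], $hit['verdict']);
}
```

Access logs record only the request line, so an id sent in a POST body (the case the advisory's network indicator describes) is invisible here; feeding the same extractIdParam() logic from a WAF or application log that captures the body is an assumed adaptation. Keeping the integer check separate from the keyword regex is what makes the rule low-noise: legitimate admin traffic to this endpoint only ever carries digits, so anything else is worth a look regardless of which keywords it contains.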

🔗 References
