CVE-2022-30047

9.8 CRITICAL

📋 TL;DR

Mingsoft MCMS v5.2.7 contains a SQL injection vulnerability in the /mdiy/dict/listExcludeApp endpoint via the orderBy parameter. This allows attackers to execute arbitrary SQL commands on the database. All systems running the vulnerable version are affected.

💻 Affected Systems

Products:
  • Mingsoft MCMS
Versions: v5.2.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific version mentioned; other versions may also be vulnerable but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data manipulation, or remote code execution via database functions.

🟠 Likely Case: Unauthorized data access, extraction of sensitive information, or database manipulation.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward via crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.2.8 or later

Vendor Advisory: https://gitee.com/mingSoft/MCMS/issues/I54VLM

Restart Required: Yes

Instructions:

1. Back up your database and application files.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched ones.
4. Restart the web server.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation for the orderBy parameter to allow only safe characters.

Modify the application code to sanitize the orderBy parameter before use in SQL queries.

Web Application Firewall (WAF) (applies to: all)

Deploy a WAF to block SQL injection attempts targeting the vulnerable endpoint.

Configure WAF rules to detect and block malicious orderBy parameter values.

🧯 If You Can't Patch

  • Restrict access to the /mdiy/dict/listExcludeApp endpoint using network ACLs or authentication.
  • Monitor logs for unusual SQL queries or access patterns to the vulnerable endpoint.

🔍 How to Verify

Check if Vulnerable:

Check if the application version is v5.2.7 by reviewing the software configuration or version files.

Check Version:

Check the application's version file or configuration settings; no universal command exists.

Verify Fix Applied:

Verify the application has been updated to v5.2.8 or later and test the endpoint with safe input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • HTTP requests to /mdiy/dict/listExcludeApp with suspicious orderBy parameters

Network Indicators:

  • HTTP traffic containing SQL keywords in the orderBy parameter

SIEM Query:

source="web_logs" AND uri="/mdiy/dict/listExcludeApp" AND (orderBy CONTAINS "SELECT" OR orderBy CONTAINS "UNION" OR orderBy CONTAINS "OR")
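As an added example (not code from MCMS or from this advisory), the unsafe concatenation pattern beside an allowlist validator for the orderBy parameter, plus a log check that implements the detection indicators above with word-bounded keyword matching so that a bare CONTAINS "OR" does not also fire on "ORDER". The column names, log format and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed allowlist of sortable columns (hypothetical names, not MCMS's real schema).
ALLOWED_COLUMNS = {"dict_label", "dict_value", "create_date"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}
BASE_QUERY = "SELECT id, dict_label, dict_value FROM dict"

def build_query_vulnerable(order_by: str) -> str:
    """Unsafe pattern: the raw orderBy value is concatenated into the SQL text."""
    return BASE_QUERY + " ORDER BY " + order_by

def build_query_safe(order_by: str) -> str:
    """Allowlist the orderBy value: 'column' or 'column direction', both from fixed sets.
    A bind parameter cannot carry an identifier, so an allowlist is the right control here."""
    parts = order_by.strip().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("malformed orderBy")
    column = parts[0]
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError("orderBy value not in allowlist")
    return f"{BASE_QUERY} ORDER BY {column} {direction}"

# Detection side: word-bounded keyword match, so "OR" does not match inside "ORDER".
SUSPICIOUS = re.compile(r"\b(SELECT|UNION|OR|AND|SLEEP|BENCHMARK)\b", re.IGNORECASE)
TARGET_PATH = "/mdiy/dict/listExcludeApp"

def flag_requests(log_lines):
    """Return (client_ip, orderBy value) for requests to the endpoint whose orderBy holds SQL keywords.
    Assumes a constructed '<ip> <method> <uri>' log format."""
    hits = []
    for line in log_lines:
        ip, _method, uri = line.split(" ", 2)
        parsed = urlparse(uri)
        if parsed.path != TARGET_PATH:
            continue
        for value in parse_qs(parsed.query).get("orderBy", []):
            if SUSPICIOUS.search(value):
                hits.append((ip, value))
    return hits

# Constructed sample log lines for offline use.
SAMPLE_LOG = [
    "10.0.0.5 GET /mdiy/dict/listExcludeApp?orderBy=dict_label%20DESC",
    "10.0.0.9 GET /mdiy/dict/listExcludeApp?orderBy=UNION%20SELECT",
    "10.0.0.7 GET /other/path?orderBy=UNION%20SELECT",
]
```

Only the second sample line is flagged: it hits the endpoint and its orderBy value carries SQL keywords, while the benign sort and the request to another path are ignored.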
