CVE-2022-30335

9.8 CRITICAL

📋 TL;DR

CVE-2022-30335 is a critical SQL injection vulnerability in Bonanza Wealth Management System (BWM) 7.3.2 that allows unauthenticated attackers to extract encrypted passwords from the database via the login form. This affects all organizations using the vulnerable version of BWM software. Attackers can potentially gain access to sensitive financial data and system credentials.

💻 Affected Systems

Products:
  • Bonanza Wealth Management System (BWM)
Versions: 7.3.2
Operating Systems: Windows (based on Microsoft SQL Server usage)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the login form component. The description states that the product runs on a Microsoft SQL Server backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to theft of all encrypted passwords, financial data exfiltration, and potential lateral movement to other systems if passwords are cracked or reused.

🟠 Likely Case

Attackers extract encrypted password hashes, attempt to crack them offline, and gain unauthorized access to the wealth management system and associated financial data.

🟢 If Mitigated

With proper input validation and parameterized queries, the SQL injection would be prevented, limiting impact to failed login attempts.

🌐 Internet-Facing: HIGH - The login form is typically internet-facing, allowing remote exploitation without authentication.
🏢 Internal Only: MEDIUM - Internal users could exploit this if they have network access to the application, though external threats are more likely.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via a login form is a well-understood attack vector, and a public proof-of-concept is available in the referenced GitHub gist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.wealth.co.th/products/bonanza-wealth-management/

Restart Required: No

Instructions:

1. Contact the vendor (Wealth.co.th) for patch information.
2. Check for updated versions beyond 7.3.2.
3. Apply vendor-provided security updates.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

Deploy a WAF with SQL injection rules to block malicious payloads at the login form.

Input Validation Filter

Implement server-side input validation to reject SQL special characters in the username field. This is a stopgap only: it also rejects legitimate usernames containing an apostrophe, and it does not replace parameterized queries in the application itself.

🧯 If You Can't Patch

  • Isolate the BWM system from internet access and restrict to internal network only.
  • Implement network segmentation and monitor for unusual database queries from the application server.

🔍 How to Verify

Check if Vulnerable:

Test the login form with SQL injection payloads like ' OR '1'='1 in the username field and observe if database errors or unexpected behavior occurs.

Check Version:

Check application version through admin interface or consult vendor documentation.

Verify Fix Applied:

After applying fixes, attempt the same SQL injection tests and verify they are properly rejected without database errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed login attempts with SQL special characters
  • Database queries containing UNION SELECT or other injection patterns

Network Indicators:

  • Unusual outbound database connections from application server
  • Traffic patterns suggesting database enumeration

SIEM Query:

source="bwm_logs" AND (message="*sql*error*" OR message="*union*select*" OR message="*' OR '*" )
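As an added example (not from the page, the vendor, or any BWM code), the log indicators and SIEM query above expressed as a small Python scan over constructed log lines; the key=value log format, the field names and the three-attempt threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample login-log lines (assumed key=value format; not real BWM output).
SAMPLE_LOGS = [
    "2022-05-10T09:12:01 src=10.0.0.5 path=/login user=alice result=fail",
    "2022-05-10T09:12:03 src=10.0.0.5 path=/login user=alice result=ok",
    "2022-05-10T09:15:22 src=203.0.113.7 path=/login user=' OR '1'='1 result=fail msg=SQL error: unclosed quotation mark",
    "2022-05-10T09:15:25 src=203.0.113.7 path=/login user=x' UNION SELECT 1-- result=fail",
    "2022-05-10T09:15:30 src=203.0.113.7 path=/login user=x\" result=fail msg=SQL error: incorrect syntax",
    "2022-05-10T09:16:00 src=198.51.100.9 path=/login user=o'brien result=fail",
]

# Assumed log layout: src, path, user (may contain spaces/quotes), result, optional msg.
LOG_RE = re.compile(
    r"src=(?P<src>\S+) path=(?P<path>\S+) user=(?P<user>.*?) result=(?P<result>\w+)(?: msg=(?P<msg>.*))?$"
)

# The three log indicators listed above, as regexes (same terms as the SIEM query).
INDICATORS = {
    "sql_error": re.compile(r"sql.*error", re.I),
    "union_select": re.compile(r"union\s+select", re.I),
    "quote_or": re.compile(r"'\s*or\s*'", re.I),
}
# SQL metacharacters that have no business in a username.
SQL_SPECIALS = re.compile(r"['\";]|--|/\*")


def analyze(lines, fail_threshold=3):
    """Return (indicator hits per line, sources with >= threshold failed logins using SQL specials)."""
    hits = []
    special_fail = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("path") != "/login":
            continue  # only the login form is in scope for this CVE
        src, user, msg = m.group("src"), m.group("user"), m.group("msg") or ""
        text = user + " " + msg
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits.append((src, name))
        if m.group("result") == "fail" and SQL_SPECIALS.search(user):
            special_fail[src] += 1
    flagged = sorted(s for s, n in special_fail.items() if n >= fail_threshold)
    return hits, flagged


if __name__ == "__main__":
    found, sources = analyze(SAMPLE_LOGS)
    print(found, sources)  # the 203.0.113.7 source trips all three indicators and the threshold
```

A legitimate name such as o'brien counts toward the failed-attempt threshold but trips no indicator, which is why the threshold is applied per source rather than per line.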
