CVE-2022-31953
📋 TL;DR
Rescue Dispatch Management System v1.0 contains a SQL injection vulnerability in the incident report viewer that allows attackers to execute arbitrary SQL commands. This affects all users running the vulnerable version, potentially compromising the entire database and system. Attackers can exploit this without authentication via the web interface.
💻 Affected Systems
- Rescue Dispatch Management System
📦 What is this software?
Rescue Dispatch Management System by Rescue Dispatch Management System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution on the underlying server.
Likely Case
Database information disclosure including sensitive incident data, user credentials, and system configuration.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.
🎯 Exploit Status
Public proof-of-concept exists showing SQL injection via the 'id' parameter. Exploitation requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: No
Instructions:
No official patch available. Consider implementing parameterized queries or input validation as described in workarounds.
🔧 Temporary Workarounds
Input Validation and Sanitization
allAdd input validation to ensure 'id' parameter contains only numeric values before processing.
Modify /rdms/admin/incident_reports/view_report.php to validate input: if(!is_numeric($_GET['id'])) { die('Invalid input'); }
Web Application Firewall (WAF)
allDeploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
Add WAF rule: Block requests to /rdms/admin/incident_reports/view_report.php with SQL injection patterns in parameters
🧯 If You Can't Patch
- Restrict access to /rdms/admin/ directory using network controls or authentication
- Implement database user with minimal permissions (read-only if possible)
🔍 How to Verify
Check if Vulnerable:
Test the endpoint with SQL injection payload: /rdms/admin/incident_reports/view_report.php?id=1' OR '1'='1Check Version:
Check system documentation or about page; no standard version command available.Verify Fix Applied:
Test with same payload after fixes; should return error or no data instead of executing SQL.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL errors in web server logs
- Multiple requests to view_report.php with special characters in id parameter
- Database query errors containing SQL syntax
Network Indicators:
- HTTP requests to vulnerable endpoint with SQL keywords in parameters
- Unusual database connection patterns from web server
SIEM Query:
source="web_logs" AND uri="/rdms/admin/incident_reports/view_report.php" AND (param="id" AND value MATCHES "[';]|OR|UNION|SELECT")