CVE-2022-32012

7.2 HIGH

📋 TL;DR

CVE-2022-32012 is an SQL injection vulnerability in Complete Online Job Search System v1.0 that allows attackers to execute arbitrary SQL commands via the 'id' parameter in the admin employee edit page. This affects all organizations using this specific software version. Attackers can potentially access, modify, or delete database content.

💻 Affected Systems

Products:
  • Complete Online Job Search System
Versions: v1.0
Operating Systems: Any OS running a PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation. Requires PHP environment with database backend (typically MySQL).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including credential theft, data destruction, and potential server takeover via SQL injection leading to remote code execution.

🟠 Likely Case

Unauthorized data access and modification, including extraction of sensitive employee and job applicant information, and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection execution.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface and requires no authentication for exploitation.
🏢 Internal Only: MEDIUM - While still vulnerable, internal-only deployment reduces external attack surface but doesn't eliminate insider threat risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires only web access to the vulnerable endpoint with a crafted 'id' parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Implement parameterized queries in /eris/admin/employee/index.php and validate/sanitize all user inputs.

🔧 Temporary Workarounds

Web Application Firewall (WAF) (applies to: all)

Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint

Input Validation Filter (applies to: all)

Add input validation to only accept numeric values for the 'id' parameter

Add to index.php, before 'id' is used in any query: if(!isset($_GET['id']) || !is_numeric($_GET['id'])) { die('Invalid input'); }
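The following is an added example, not code from the Complete Online Job Search System, combining the numeric-input check from the workaround above with the parameterized query recommended under Official Fix. The table and column names (employees, id, name) and the use of mysqli with mysqlnd (for get_result) are assumptions; adapt them to the real schema and driver.

```php
<?php
// Added example (not the project's code): hardened handling of the 'id'
// parameter for the employee edit view.
//
// The vulnerable pattern to replace is string concatenation such as
//   "SELECT ... WHERE id = '" . $_GET['id'] . "'"
// where a quote in 'id' changes the SQL text itself.

function load_employee(mysqli $db, array $query): ?array
{
    // Reject anything that is not a plain non-negative integer string.
    // ctype_digit is stricter than is_numeric: no sign, spaces, floats or 1e3.
    if (!isset($query['id']) || !ctype_digit((string) $query['id'])) {
        http_response_code(400);
        die('Invalid input');
    }
    $id = (int) $query['id'];

    // Prepared statement: the value is bound as an integer and never
    // concatenated into SQL text, so quotes or SQL keywords in it are inert.
    // Table/column names are assumptions.
    $stmt = $db->prepare('SELECT id, name FROM employees WHERE id = ? LIMIT 1');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// Usage at the top of the edit view (connection values are placeholders):
// $db = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');
// $employee = load_employee($db, $_GET);
```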

🧯 If You Can't Patch

  • Block external access to /eris/admin/ directory via firewall or web server configuration
  • Implement network segmentation to isolate the vulnerable system from sensitive databases

🔍 How to Verify

Check if Vulnerable:

Test by accessing /eris/admin/employee/index.php?view=edit&id=1' and appending SQL injection payloads

Check Version:

Check software version in admin panel or readme files

Verify Fix Applied:

Verify that injected 'id' values no longer reach the database: requests with a non-numeric 'id' should be rejected, and the page should return no SQL error messages

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests to /eris/admin/employee/index.php with suspicious 'id' parameters
  • Database query errors containing SQL syntax

Network Indicators:

  • HTTP requests with SQL keywords in URL parameters
  • Unusual traffic patterns to admin endpoints

SIEM Query:

source="web_server.log" AND (url="*eris/admin/employee/index.php*" AND (param="*id=*'*" OR param="*id=*%27*" OR param="*id=*UNION*"))
