CVE-2022-32300

8.8 HIGH

📋 TL;DR

CVE-2022-32300 is a SQL injection vulnerability in YoudianCMS v9.5.0 that allows attackers to execute arbitrary SQL commands via the MailSendID parameter of the mail management functionality. Successful exploitation could lead to theft, modification, or deletion of database content. Because the vulnerable code lives in the admin panel, admin access is required to exploit it.

💻 Affected Systems

Products:
  • YoudianCMS
Versions: v9.5.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to the /App/Lib/Action/Admin/MailAction.class.php endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data exfiltration, privilege escalation, or remote code execution if database functions allow it.

🟠 Likely Case: Unauthorized data access, modification of database content, or potential authentication bypass.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: MEDIUM - Requires admin authentication but could be exploited if admin credentials are compromised.
🏢 Internal Only: MEDIUM - Internal attackers with admin access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via MailSendID parameter is straightforward to exploit with basic SQL knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v9.5.1 or later

Vendor Advisory: https://www.yuque.com/docs/share/bf37643b-9782-4320-9ca9-cf38a331b686

Restart Required: No

Instructions:

1. Back up your database and application files.
2. Download and install YoudianCMS v9.5.1 or later.
3. Replace the vulnerable MailAction.class.php file.
4. Test the mail functionality to ensure it works properly.

🔧 Temporary Workarounds

Input Validation Workaround

Applies to: all

Add input validation to sanitize the MailSendID parameter before processing.

Edit /App/Lib/Action/Admin/MailAction.class.php and add: if (!is_numeric($_POST['MailSendID'])) { die('Invalid input'); }

WAF Rule

Applies to: all

Implement web application firewall rules to block SQL injection patterns.

Add WAF rule: SecRule ARGS:MailSendID "@rx (?i:(union|select|insert|update|delete|drop|exec|xp_))" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Implement strict input validation for all user inputs in the application
  • Use parameterized queries or prepared statements for all database operations

🔍 How to Verify

Check if Vulnerable:

Check if YoudianCMS version is 9.5.0 and examine MailAction.class.php for unsanitized MailSendID parameter usage.

Check Version:

Check the version in the application's configuration file or admin panel.

Verify Fix Applied:

Verify version is 9.5.1 or later and test mail functionality with various MailSendID inputs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by mail function access
  • Suspicious parameter values in web server logs

Network Indicators:

  • POST requests to /App/Lib/Action/Admin/MailAction.class.php with SQL keywords in parameters

SIEM Query:

source="web_server" AND uri="/App/Lib/Action/Admin/MailAction.class.php" AND (param="MailSendID" AND value MATCHES "(?i:union|select|insert|update|delete|drop|exec)")
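The SIEM query above, worked through in Python as an added example (not code from the advisory or from YoudianCMS). It assumes a simplified audit-log line format ("timestamp source method uri | body") from a WAF audit log or application-side request log, because stock web server access logs do not record POST bodies and so would never show MailSendID. It goes one step beyond the keyword blocklist: since MailSendID is an identifier, any value that is not a plain decimal integer is also flagged, which catches inputs such as "1e3" that PHP's is_numeric() accepts but a database ID lookup should never see.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines (not real traffic) in the assumed audit-log format.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 POST /App/Lib/Action/Admin/MailAction.class.php | MailSendID=12&act=send
2024-01-01T10:00:02Z 10.0.0.5 POST /App/Lib/Action/Admin/MailAction.class.php | MailSendID=12%20UNION%20SELECT%201&act=send
2024-01-01T10:00:03Z 10.0.0.7 POST /App/Lib/Action/Admin/MailAction.class.php | MailSendID=1e3&act=send
2024-01-01T10:00:04Z 10.0.0.9 POST /App/Lib/Action/Admin/IndexAction.class.php | page=2
"""

TARGET_URI = "/App/Lib/Action/Admin/MailAction.class.php"
# Same keyword blocklist as the SIEM query above.
SQL_KEYWORDS = re.compile(r"(?i)(union|select|insert|update|delete|drop|exec)")
# Allowlist: a mail-send ID should be a plain decimal integer and nothing else.
PLAIN_INT = re.compile(r"^[0-9]+$")
# Assumed line layout: "<ts> <src> <method> <uri> | <urlencoded body>".
LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<uri>\S+) \| (?P<body>.*)$")


def classify(value):
    """Return an alert reason for one decoded MailSendID value, or None if benign."""
    if SQL_KEYWORDS.search(value):
        return "sql-keyword"
    if not PLAIN_INT.match(value):
        return "non-integer"   # e.g. "1e3", which PHP is_numeric() would accept
    return None


def scan(log_text):
    """Scan audit-log text and return one alert dict per suspicious MailSendID."""
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["uri"] != TARGET_URI:
            continue                       # only the vulnerable endpoint matters
        params = parse_qs(m["body"], keep_blank_values=True)   # URL-decodes values
        for value in params.get("MailSendID", []):
            reason = classify(value)
            if reason:
                alerts.append({"ts": m["ts"], "src": m["src"], "value": value, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Values are decoded before matching, so percent-encoded payloads are caught; the keyword list is the advisory's and will still produce occasional false positives on words like "selection", which is why the integer allowlist is the more reliable signal for this parameter.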
