CVE-2022-33055

7.2 HIGH

📋 TL;DR

Online Railway Reservation System v1.0 contains a SQL injection vulnerability in the admin panel's train management module. Attackers can exploit this by manipulating the 'id' parameter to execute arbitrary SQL commands, potentially compromising the database. This affects all deployments using the vulnerable version.

💻 Affected Systems

Products:
  • Online Railway Reservation System
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the admin panel (/orrs/admin/); that authentication requirement could be bypassed if the SQL injection is chained with other vulnerabilities.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise, including data theft, data manipulation and authentication bypass, with potential server takeover if the SQL injection is chained into remote code execution.

🟠 Likely Case

Unauthorized data access, modification of train schedules, theft of ticket data, and potential privilege escalation within the application.

🟢 If Mitigated

Limited to failed injection attempts that surface as SQL errors in logs, with no successful exploitation, because input validation and parameterized queries are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin authentication but SQL injection payloads are simple and well-documented. Public PoC available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Replace vulnerable code with parameterized queries in /orrs/admin/trains/manage_train.php.

🔧 Temporary Workarounds

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns targeting the /orrs/admin/trains/manage_train.php endpoint.

Input Validation Filter

all

Add server-side validation to only accept numeric values for the 'id' parameter.

// PHP example (strict integer check; is_numeric() would also accept floats and exponents such as "1e3"): if (filter_var($_GET['id'] ?? '', FILTER_VALIDATE_INT) === false) { die('Invalid input'); }
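The two mitigations above (integer validation of 'id' and a parameterized query) combined in one hardened lookup, as an added example that is not the project's own code. It assumes an existing PDO connection $pdo and a hypothetical table `trains` with columns `id` and `name`; the real schema of manage_train.php is not given in this advisory.

```php
<?php
// Added example, not from the Online Railway Reservation System code base.
// Assumptions (hypothetical): $pdo is an open PDO connection with
// PDO::ERRMODE_EXCEPTION set, and the table is `trains` (columns id, name).
declare(strict_types=1);

function loadTrainById(PDO $pdo, $rawId): ?array
{
    // 1. Strict integer validation: rejects "1' OR '1'='1", "1 UNION ...",
    //    "1e3" and leading-space variants that is_numeric() would let through.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Parameterized query: the value is bound as typed data and never
    //    concatenated into the SQL text, so it cannot alter the statement.
    $stmt = $pdo->prepare('SELECT id, name FROM trains WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage in the admin page: reject bad input with a generic 400 response
// rather than echoing a database error back to the client. Database
// exceptions should be logged server-side only (see Detection & Monitoring).
try {
    $train = loadTrainById($pdo, $_GET['id'] ?? '');
} catch (PDOException $e) {
    error_log('manage_train lookup failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}
if ($train === null) {
    http_response_code(400);
    exit('Invalid train id');
}
```

Disabling emulated prepares (`$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);`) makes the driver use true server-side prepared statements, which is the stronger default for MySQL deployments.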

🧯 If You Can't Patch

  • Restrict access to /orrs/admin/ directory to specific IP addresses only
  • Disable the trains management module if not essential for operations

🔍 How to Verify

Check if Vulnerable:

Test with SQL injection payload: /orrs/admin/trains/manage_train.php?id=1' OR '1'='1

Check Version:

Check application version in footer or about page, typically displays 'v1.0'

Verify Fix Applied:

Confirm that parameterized queries are in place, then send the same payload and check that the application returns a proper validation error rather than a database error or unexpected data.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in web server logs
  • Unusual database queries from web application user
  • Repeated requests to manage_train.php with malformed or rejected 'id' parameter values

Network Indicators:

  • HTTP requests with SQL keywords in id parameter
  • Unusual traffic patterns to admin panel

SIEM Query:

source="web_logs" AND uri="/orrs/admin/trains/manage_train.php" AND (query CONTAINS "' OR" OR query CONTAINS "UNION" OR query CONTAINS "SELECT *")
