CVE-2022-33058

7.2 HIGH

📋 TL;DR

Online Railway Reservation System v1.0 contains a SQL injection vulnerability in the delete_message function that allows attackers to execute arbitrary SQL commands via the id parameter. This affects all deployments of this specific software version. Attackers can potentially read, modify, or delete database contents.

💻 Affected Systems

Products:
  • Online Railway Reservation System
Versions: v1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0. The vulnerability is in the core application code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.

🟠 Likely Case: Unauthorized data access and manipulation, potentially exposing sensitive passenger information, booking details, and administrative credentials.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the vulnerable endpoint. The GitHub reference includes a detailed proof of concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider migrating to a different railway reservation system or implementing custom fixes.

🔧 Temporary Workarounds

Implement Input Validation

all

Add server-side validation to ensure the id parameter contains only expected values.

Modify /classes/Master.php to validate the id parameter before processing.

Use Parameterized Queries

all

Replace dynamic SQL with prepared statements.

Update the SQL queries in the delete_message function to use prepared statements.

🧯 If You Can't Patch

  • Implement WAF rules to block SQL injection patterns targeting the /classes/Master.php endpoint
  • Restrict access to the vulnerable endpoint using network segmentation or authentication requirements

🔍 How to Verify

Check if Vulnerable:

Test the /classes/Master.php?f=delete_message endpoint with SQL injection payloads in the id parameter

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Test with SQL injection payloads after implementing fixes to ensure they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed delete_message attempts
  • SQL keywords in id parameter values

Network Indicators:

  • HTTP requests to /classes/Master.php with SQL injection patterns in parameters

SIEM Query:

source="web_logs" AND uri="/classes/Master.php" AND (param="id" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|--|#|;)")
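
An added example (not part of the original advisory or the vendor's code): a Python log check that applies the SIEM keyword pattern above to the percent-decoded id value of delete_message requests and also flags any id that is not a plain integer. It assumes combined-format access logs with the parameters in the query string and a numeric id; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Keyword pattern copied from the SIEM query above.
SQLI_RE = re.compile(r"(?i)(union|select|insert|update|delete|drop|--|#|;)")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")  # assumption: a valid id is a plain integer

def classify(line):
    """Return 'ok', 'non_numeric', 'sqli_pattern', or None if out of scope."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if url.path != "/classes/Master.php" or params.get("f") != ["delete_message"]:
        return None
    ids = params.get("id")
    if not ids:
        return None  # no id in the query string, nothing to inspect
    if any(SQLI_RE.search(v) for v in ids):
        return "sqli_pattern"
    if not all(NUMERIC_RE.fullmatch(v) for v in ids):
        return "non_numeric"
    return "ok"

def scan(lines):
    """Return (line_number, verdict) for each delete_message request that is not 'ok'."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict not in (None, "ok"):
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2022:10:01:02 +0000] "GET /classes/Master.php?f=delete_message&id=12 HTTP/1.1" 200 31
203.0.113.5 - - [10/Jul/2022:10:01:09 +0000] "GET /classes/Master.php?f=delete_message&id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 31
203.0.113.9 - - [10/Jul/2022:10:02:40 +0000] "POST /classes/Master.php?f=delete_message&id=3%20UnIoN%20SeLeCt%201 HTTP/1.1" 500 0
203.0.113.9 - - [10/Jul/2022:10:03:00 +0000] "GET /classes/Master.php?f=save_message&id=select HTTP/1.1" 200 31
"""

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG.splitlines()):
        print(n, verdict)
```

The second sample line contains none of the listed keywords, so the keyword pattern alone misses it and only the integer allow-list flags it.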
