CVE-2022-40347
📋 TL;DR
This CVE describes an unauthenticated SQL injection vulnerability in Intern Record System version 1.0. Attackers can inject SQL through the phone, email, deptType, and name parameters handled by /intern/controller.php to execute arbitrary SQL commands, potentially gaining access to sensitive database information or system control. Any organization using this specific version of the software is affected.
💻 Affected Systems
- Intern Record System
📦 What is this software?
Intern Record System by Intern Record System Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, remote code execution, and full system takeover.
Likely Case
Database information disclosure including user credentials, personal data, and system information that could enable further attacks.
If Mitigated
Limited impact with proper input validation and parameterized queries preventing SQL injection.
🎯 Exploit Status
Multiple public exploit scripts and detailed analysis available on GitHub and Packet Storm Security.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Replace vulnerable code with parameterized queries and input validation.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation and sanitization for phone, email, deptType, and name parameters
Modify /intern/controller.php to use prepared statements with parameterized queries
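One way to apply this workaround, shown as an added example and not code from the Intern Record System project: validate the four parameters named above, then write them with a mysqli prepared statement. The `interns` table, its column names, the department allow-list, and the connection values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table `interns`, its columns, the department allow-list and
// the connection values are assumptions, not taken from the project's source.
const DEPT_TYPES = ['IT', 'HR', 'Finance']; // hypothetical allow-list
/** Returns the cleaned fields, or null if any field fails validation. */
function validate_intern(array $in): ?array
{
    $f = [];
    foreach (['name', 'phone', 'email', 'deptType'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k])) return null; // rejects name[]=x
        $f[$k] = trim($in[$k]);
    }
    if (!preg_match('/^[\p{L} .\'-]{1,100}$/u', $f['name'])) return null;
    if (!preg_match('/^\+?[0-9]{7,15}$/', $f['phone'])) return null;
    if (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) return null;
    if (!in_array($f['deptType'], DEPT_TYPES, true)) return null;
    return $f;
}

function save_intern(mysqli $db, array $f): void
{
    // Placeholders keep input out of the SQL text: O'Brien is stored as data.
    $stmt = $db->prepare(
        'INSERT INTO interns (name, phone, email, dept_type) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $f['name'], $f['phone'], $f['email'], $f['deptType']);
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $f = validate_intern($_POST);
    if ($f === null) {
        http_response_code(400);
        exit('Invalid input');
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'intern_db');
        $db->set_charset('utf8mb4');
        save_intern($db, $f);
        echo 'Saved';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // detail stays server-side
        http_response_code(500);
        exit('Server error');
    }
}
```

Validation narrows what reaches the database, but the prepared statement is what removes the injection; database errors are logged server-side and never echoed to the client.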
Web Application Firewall (WAF)
Deploy WAF rules to block SQL injection patterns
Configure WAF to detect and block SQL injection attempts in POST/GET parameters
🧯 If You Can't Patch
- Isolate the system behind a reverse proxy with strict input filtering
- Implement network segmentation to limit database access from the application server
🔍 How to Verify
Check if Vulnerable:
Test the /intern/controller.php endpoint with SQL injection payloads in phone, email, deptType, or name parameters
Check Version:
Check PHP files for version comments or review source code structure
Verify Fix Applied:
Verify that parameterized queries are implemented and test with SQL injection payloads that should be rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed login attempts with SQL syntax in parameters
- Unexpected database queries from application user
Network Indicators:
- HTTP requests containing SQL keywords (SELECT, UNION, DROP, etc.) in parameters
- Unusual database connection patterns from application server
SIEM Query:
source="web_logs" AND ("SELECT" OR "UNION" OR "DROP" OR "INSERT" OR "UPDATE") AND uri="/intern/controller.php"
🔗 References
- http://packetstormsecurity.com/files/171740/Intern-Record-System-1.0-SQL-Injection.html
- https://code-projects.org/intern-record-system-in-php-with-source-code/
- https://download-media.code-projects.org/2020/03/Intern_Record_System_In_PHP_With_Source_Code.zip
- https://github.com/h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated