Money Transfer Management System 1.0 - SQL Injection
Summary
| Name | Money Transfer Management System - SQL Injection |
| Code name | Jagger |
| Product | Money Transfer Management System 1.0 |
| Affected versions | Version 1.0 |
| State | Public |
| Release date | 2022-03-15 |
Vulnerability
| Kind | SQL injection |
| Rule | 146. SQL injection |
| Remote | Yes |
| CVSSv3 Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| CVSSv3 Base Score | 4.3 |
| Exploit available | No |
| CVE ID(s) | CVE-2022-25223 |
Description
Money Transfer Management System Version 1.0 allows an
authenticated user to inject SQL queries
in mtms/admin/?page=transaction/view_details via the id parameter.
Proof of Concept
Steps to reproduce
- Log in to the application as a normal user.
- Go to
http://127.0.0.1/mtms/admin/?page=transaction/view_details&id=1 - Insert the following query inside the
idparameter.
id=a' union select 1,user(),2,4,5,6,7,8,9,10-- -
- The current database user will be shown inside the
Tracking Codefield.
System Information
- Version: Money Transfer Management System version 1.0.
- Operating System: Linux.
- Web Server: Apache
- PHP Version: 7.4
- Database and version: MySQL
Exploit
There is no exploit for the vulnerability but can be manually exploited.
Mitigation
By 2022-03-15 there is not a patch resolving the issue.
Credits
The vulnerability was discovered by Oscar
Uribe from the Offensive
Team of Fluid Attacks.
References
Timeline
2022-02-15
Vulnerability discovered.
2022-02-15
Vendor contacted.
2022-03-15
Public Disclosure.
