A critical vulnerability known as CVE-2022-3733 has been discovered in SourceCodester's Web-Based Student Clearance System, allowing for a potential SQL injection attack. This vulnerability has been classified as critical due to the high risk associated with its exploitation. The affected file is Admin/edit-admin.php, and the vulnerability arises from the improper handling of the id argument. Attackers can exploit this vulnerability remotely, making the situation even more severe. The vulnerability has been assigned VDB-212415 as its unique identifier.

Vulnerability Details

The core issue stems from the Admin/edit-admin.php file, which allows for the manipulation of the id argument in a way that leads to SQL injection. An SQL injection attack involves inserting malicious SQL code into an affected system, subverting the intended functionality and potentially giving an attacker unauthorized access to sensitive data.

The exploit is made possible because input validation procedures in the edit-admin.php file are either inadequate or non-existent, allowing attackers to craft and submit malicious data through the id argument without being caught or filtered out.

Here's the code snippet with the vulnerable part:

<?php
// Connecting to the database
include("includes/config.php");

// Fetching the data from the 'id' parameter
$id = intval($_GET['id']);

// Executing SQL query
$sql = "SELECT * from tbladmins WHERE id=:id";
$query = $dbh->prepare($sql);
$query->bindParam(':id', $id, PDO::PARAM_STR);
$query->execute();

$result = $query->fetchAll(PDO::FETCH_OBJ);

// …
?>

In this snippet, the id parameter is directly taken from the $_GET global array and used in the SQL query without any proper validation or sanitization. This mistake allows an attacker to craft malicious data and send it to the server, leading to an SQL injection.

Exploit Information

At this time, the exploit details and proof-of-concept have been publicly disclosed. This means that attackers can obtain these details and use them to their advantage, compromising affected systems.

To successfully exploit this vulnerability, an attacker needs to craft a malicious request targeting the Admin/edit-admin.php file with a specifically crafted id argument and send it to the server. Upon processing the request, the SQL injection attack is initiated, potentially leading to unauthorized access to sensitive data or even full system control.

To protect your systems from CVE-2022-3733, the following steps should be taken:

1. Apply any patches or updates provided by SourceCodester or the developers of the Web-Based Student Clearance System. Regularly check for updates and ensure your system is up-to-date.
2. Implement proper input validation and sanitization in your code so that attackers cannot inject malicious data into your system. For example, filter out any non-numeric characters in the id argument.
3. Monitor your systems for any signs of unauthorized access or suspicious activity. This can help in early detection and prevent exploitation of the vulnerability.
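Steps 2 and 3 above, as an added example that is not code from the Student Clearance System or its developers: a hardened lookup that accepts only a numeric id and binds it as a query parameter, and a check over web server access-log lines that flags requests to Admin/edit-admin.php whose id is not purely numeric. The tbladmins table, its rows, the id range and the log lines are all constructed assumptions.

```python
"""Added example (not the Student Clearance System's code): a hardened lookup for the
id argument (step 2) and an access-log check (step 3). All data below is constructed."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

ID_RE = re.compile(r"[0-9]{1,10}")  # assumption: admin ids are small positive integers

def is_valid_id(raw):
    """True only for a purely numeric id; anything else is rejected, not filtered."""
    return raw is not None and ID_RE.fullmatch(raw) is not None

def fetch_admin(conn, raw_id):
    """Safe counterpart of the edit-admin.php lookup: validated id, bound parameter."""
    if not is_valid_id(raw_id):
        raise ValueError("invalid id parameter")
    cur = conn.execute("SELECT id, username FROM tbladmins WHERE id = ?", (int(raw_id),))
    return cur.fetchone()

def make_db():
    """In-memory SQLite stand-in for the application's tbladmins table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbladmins (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO tbladmins VALUES (?, ?)", [(1, "admin"), (2, "clerk")])
    return conn

LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Flag requests to Admin/edit-admin.php whose id is not purely numeric."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path.endswith("/Admin/edit-admin.php"):
            for value in parse_qs(url.query, keep_blank_values=True).get("id", [""]):
                if not is_valid_id(value):
                    hits.append((url.query, value))
    return hits

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '203.0.113.5 - - [28/Oct/2022:08:15:01 +0000] "GET /Admin/edit-admin.php?id=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Oct/2022:08:15:07 +0000] "GET /Admin/edit-admin.php?id=2%27 HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Oct/2022:08:15:09 +0000] "GET /Admin/edit-admin.php?id= HTTP/1.1" 200 512',
    '198.51.100.4 - - [28/Oct/2022:08:16:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]
```

Running suspicious_requests over a real access log points at the requests worth investigating first; a flagged id with an empty or quoted value is the kind of probe that step 3 is meant to catch early.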

Conclusion

CVE-2022-3733 is a critical vulnerability affecting SourceCodester's Web-Based Student Clearance System. The weak input handling of the id argument in the Admin/edit-admin.php file allows for a potential SQL injection attack. The exploit details have been made public, increasing the risk associated with this vulnerability. System administrators and developers must act promptly to mitigate the risk by applying updates or patches, implementing proper input validation, and monitoring their systems for any signs of exploitation.

Timeline

Published on: 10/28/2022 08:15:00 UTC
Last modified on: 10/31/2022 17:14:00 UTC