A user with the “admin” privilege can inject SQL by supplying a “name” value that contains quote characters and SQL syntax, for example “' or '=' or '%22 or '; or '{ or '} or '# or '@ or '\ or '” (the original report lists further single-character variants of the same form). Because the value is spliced into the query text, the injected SQL runs against the database; an attacker can use this to steal data or redirect users to another website.

Affected Software

The following versions of the affected software have been confirmed to use vulnerable code:
* 1.0.0-1.4
* 2.0
* 2.1
* 2.2
* 2.3

Affected TDS V9.2 and Earlier Versions

The vulnerability is located in the handling of the name field in the SQL queries built by the tds_query.php files of TDS V9.2 and earlier versions installed on a web server.
An attacker can use this vulnerability to inject code that can be used to steal data or redirect users to another website. The vulnerability is remediated by updating from TDS V9.2 and earlier versions to TDS V10, which fixes the issue.

Vulnerability overview

A vulnerability in the user account system of a web application allows an attacker with a "moderator" or "administrator" privilege to inject SQL queries.
The vulnerability is caused by insufficient input validation and input sanitization.
An attacker can use this vulnerability to inject code that can be used to steal data or redirect users to another website.
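The root cause named above (the name field spliced into query text with no validation) is easiest to see side by side with the fix. The following is an added illustration, not code from TDS or tds_query.php; it uses a constructed in-memory SQLite table and a hypothetical `users` schema, and shows that a quote-based tautology input in the style the advisory quotes returns every row through string concatenation but nothing through a bound parameter, with an allow-list check as a second layer.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data; the schema is a stand-in, not the TDS schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "moderator"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn, name):
    # Vulnerable pattern: the request's "name" value becomes part of the SQL text,
    # so a quote in the value closes the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    # Hardened pattern: the value travels as a bound parameter and is only ever
    # compared as data, whatever characters it contains.
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,)
    )
    return [row[0] for row in rows]


def validate_name(name):
    # Defence in depth: an allow-list at the input layer rejects quote characters
    # and SQL punctuation before the value reaches any query builder.
    return re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", name) is not None


if __name__ == "__main__":
    db = make_db()
    tautology = "' or ''='"  # constructed input in the style quoted by the advisory
    print("concatenated:", lookup_concat(db, tautology))  # every row leaks
    print("parameterised:", lookup_param(db, tautology))  # no match
    print("allow-list accepts it:", validate_name(tautology))
```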

Credit: Aharon Amon, CISSP

This is a SQL injection vulnerability: a user with “admin” privileges can inject SQL queries by setting the “name” field to a value such as “' or '=' or '%22 or '; or '{ or '} or '# or '@ or '\ or '”. This can be exploited to steal data from databases and redirect users to other websites.

Timeline

Published on: 11/22/2022 13:15:00 UTC
Last modified on: 11/23/2022 19:26:00 UTC