CVE-2022-37773 is an authenticated SQL Injection vulnerability affecting the statistics page (/statistics/retrieve) of Maarch RM version 2.8. The vulnerability arises from improper sanitization of the 'filter' parameter, which is used in SQL queries without adequate validation or parameterization. An attacker with valid credentials can exploit this flaw to perform SQL Injection attacks, enabling them to extract the entire contents of all databases managed by the application. This vulnerability does not require user interaction beyond authentication, and the attack vector is remote network access (AV:N). The complexity of the attack is low (AC:L), meaning it can be exploited with minimal technical effort once authentication is obtained. The vulnerability impacts confidentiality severely (C:H), as it allows full disclosure of sensitive data, but does not affect integrity or availability (I:N, A:N). The scope remains unchanged (S:U), indicating the exploit affects only the vulnerable component without extending to other system components. Maarch RM is an open-source records management system used for document and information management, often deployed in public sector and enterprise environments. The lack of a vendor or product name in the CVE metadata suggests limited commercial distribution or niche usage. No known exploits in the wild have been reported to date, and no patches are currently linked, indicating either a recent discovery or limited public exposure. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), a common and critical injection flaw type. Given the authenticated nature of the vulnerability, attackers must first gain valid user credentials, which may be obtained through phishing, credential stuffing, or insider threats. Once exploited, the attacker can retrieve sensitive organizational data, potentially including personal information, internal documents, or configuration details stored in the database.

For European organizations using Maarch RM 2.8, this vulnerability poses a significant risk to data confidentiality. Since the vulnerability allows full database disclosure, sensitive personal data protected under GDPR could be exposed, leading to regulatory penalties and reputational damage. Public sector entities and enterprises managing critical records are particularly at risk, as unauthorized data disclosure could compromise operational security and citizen privacy. The requirement for authentication limits the attack surface but does not eliminate risk, especially if credential management practices are weak. The vulnerability does not directly impact system integrity or availability, so operational disruption is unlikely. However, the breach of confidential data could facilitate further attacks, such as social engineering or targeted intrusions. The absence of known exploits suggests limited exploitation so far, but the medium CVSS score (6.5) indicates a moderate threat level that warrants prompt attention. Organizations relying on Maarch RM for document management should consider this vulnerability a priority for risk assessment and mitigation to prevent potential data breaches.

1. Implement strict input validation and parameterized queries on the 'filter' parameter within the /statistics/retrieve endpoint to prevent SQL Injection. 2. Restrict access to the statistics page to only necessary users with the minimum required privileges to reduce the risk of credential misuse. 3. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to mitigate the risk of credential compromise. 4. Monitor and audit access logs for unusual or unauthorized queries targeting the statistics page or database access patterns. 5. If possible, isolate the database with network segmentation and apply the principle of least privilege to database accounts used by the application. 6. Regularly update and patch Maarch RM installations once official fixes are released; meanwhile, consider applying community or vendor-provided workarounds. 7. Conduct security awareness training focused on credential security to reduce the risk of phishing or credential theft. 8. Perform penetration testing and code review focused on SQL Injection vulnerabilities in all user input handling components. 9. Backup databases regularly and ensure backups are securely stored to enable recovery in case of data compromise. 10. Engage with the Maarch RM community or maintainers to track vulnerability disclosures and patches.