
CVE-2022-43350: n/a in n/a

High
Vulnerability: CVE-2022-43350
Published: Mon Nov 07 2022 (11/07/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.

AI-Powered Analysis

AI analysis last updated: 07/03/2025, 09:40:39 UTC

Technical Analysis

CVE-2022-43350 is a high-severity SQL injection vulnerability identified in Sanitization Management System version 1.0. The flaw exists in the handling of the 'id' parameter within the endpoint /php-sms/classes/Master.php?f=delete_inquiry. Specifically, the application fails to properly sanitize or validate the 'id' input before incorporating it into SQL queries. This allows an attacker with high privileges (PR:H) and network access (AV:N) to inject malicious SQL code, potentially manipulating the backend database. The vulnerability does not require user interaction (UI:N) and affects the confidentiality, integrity, and availability of the system (C:H/I:H/A:H). The CVSS 3.1 base score of 7.2 reflects these factors. Exploitation could lead to unauthorized data access, data modification, or deletion, and possibly full compromise of the database. Although no known exploits are currently reported in the wild, the vulnerability’s characteristics make it a significant risk, especially in environments where the Sanitization Management System is deployed. The CWE-89 classification confirms this is a classic SQL injection issue, a well-understood attack vector that remains a common cause of severe breaches.

Potential Impact

For European organizations using the Sanitization Management System v1.0, this vulnerability poses a substantial risk. Successful exploitation could lead to unauthorized disclosure of sensitive data, including personal or health-related information if the system manages sanitization records in healthcare or public facilities. Data integrity could be compromised, resulting in inaccurate or falsified records, which may affect compliance with strict European data protection regulations such as GDPR. Availability impacts could disrupt operational continuity, especially in critical infrastructure or public health sectors relying on this system. The high privileges required for exploitation suggest that insider threats or compromised administrative accounts could be leveraged to exploit this vulnerability, increasing the risk in environments with insufficient access controls or monitoring. The lack of available patches further elevates the risk, necessitating immediate mitigation to prevent potential data breaches or service disruptions.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement immediate compensating controls. First, restrict network access to the vulnerable endpoint by applying firewall rules or network segmentation to limit exposure only to trusted administrative users. Enforce strict access controls and monitor administrative accounts for suspicious activity to reduce the risk of privilege misuse. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting the 'id' parameter in the delete_inquiry function. Conduct thorough input validation and sanitization at the application level, if source code access is available, to neutralize malicious inputs. Regularly audit database logs for anomalous queries indicative of injection attempts. Additionally, organizations should prepare for incident response by backing up critical data securely and ensuring rapid recovery capabilities. Engage with the vendor or community to track any forthcoming patches or updates addressing this vulnerability.
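The application-level fix recommended above, as an added illustration that is not code from the Sanitization Management System project: the string-concatenation pattern that CWE-89 describes is shown for contrast, and the hardened handler validates the `id` parameter as a positive integer, binds it with a prepared statement, and records rejected values for the audit trail. The table name `inquiry_list`, the function names, and the in-memory SQLite database used for the demo are assumptions constructed for this example.

```php
<?php
// Added example (not code from the Sanitization Management System project).
// Assumptions: a PDO connection $pdo and a table `inquiry_list` with an
// integer primary key `id`; both names are hypothetical.

declare(strict_types=1);

// Vulnerable pattern, shown only for contrast: the raw request parameter is
// spliced into the statement text, so the database receives whatever SQL
// syntax the caller supplies (CWE-89).
function delete_inquiry_unsafe(PDO $pdo, string $id): int
{
    $sql = "DELETE FROM inquiry_list WHERE id = '" . $id . "'";
    return (int) $pdo->exec($sql);
}

// Hardened version, step 1: accept only a positive integer. Anything else
// (empty, non-numeric, trailing characters) yields null.
function validate_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened version, step 2: bind the validated value as a typed parameter so
// it can never be interpreted as SQL syntax, and log rejected input so
// repeated malformed requests show up in audit review.
function delete_inquiry_safe(PDO $pdo, mixed $raw): int
{
    $id = validate_id($raw);
    if ($id === null) {
        error_log(sprintf('delete_inquiry: rejected non-integer id %s', var_export($raw, true)));
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('DELETE FROM inquiry_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Self-contained demo against an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inquiry_list (id INTEGER PRIMARY KEY, subject TEXT)');
$pdo->exec("INSERT INTO inquiry_list (id, subject) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// A well-formed request deletes exactly one row.
echo delete_inquiry_safe($pdo, '2') . " row(s) deleted\n";

// A malformed value (constructed) is rejected before any SQL is executed.
try {
    delete_inquiry_safe($pdo, '2abc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}

echo $pdo->query('SELECT COUNT(*) FROM inquiry_list')->fetchColumn() . " rows remain\n";
```

The two-step shape matters: type validation alone would not protect a query that still concatenates strings, and a prepared statement alone would still accept nonsensical values; together they give the database only a bound integer and give operators a log line for every rejected request, which is the signal the audit recommendation above relies on.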


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-17T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981dc4522896dcbdb003

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 7/3/2025, 9:40:39 AM

Last updated: 8/16/2025, 1:22:24 PM
