CVE-2022-28033 Scanner
This scanner detects the SQL Injection vulnerability tracked as CVE-2022-28033 in Atom.CMS 2.0 installations exposed on your digital assets.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 3 hours
Scan only one: Domain, IPv4
Toolbox: -
Atom.CMS is a web-based content management system designed for small to medium-sized websites. It is used by developers and website administrators to create, manage, and maintain digital content efficiently. Atom.CMS is valued for its user-friendly interface and features that cater to non-technical users. With version 2.0, it integrates advanced customization options to cater to modern digital demands. However, like many CMS platforms, it requires regular updates to mitigate vulnerabilities that could arise in its software components. Atom.CMS serves both individuals and small businesses that rely on robust, customizable website management solutions.
SQL Injection vulnerabilities are among the most critical threats to web applications: an attacker supplies crafted input that is interpreted as part of a SQL query rather than as data. In Atom.CMS 2.0, this vulnerability exists in the `Atom.CMS_admin_uploads.php` endpoint. When exploited, attackers can execute arbitrary SQL commands, potentially leading to data exposure or alteration. The issue is particularly concerning because it requires no authentication, which significantly broadens the attack surface. Proactive identification and remediation are vital to preserving the integrity of websites built on Atom.CMS 2.0.
The vulnerability stems from improper input sanitization in the `uploads.php` file within Atom.CMS: the `id` parameter of an HTTP GET request is placed into a SQL query without validation or parameter binding. The scanner tests susceptibility by sending a time-delay expression such as `sleep(7)` in the `id` parameter. Exploitation is confirmed if the response time increases significantly, indicating that the injected delay was executed by the database server. The presence of this issue highlights the importance of secure coding practices and proper input validation in web development.
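The two defensive points above, an `id` lookup that binds the parameter instead of concatenating it and a log check for time-delay probes against `uploads.php`, are shown in the following added example. It is illustrative code written for this page, not the scanner's code or Atom.CMS's own source: the `uploads` table, the access-log lines and the `/admin/` path are constructed assumptions, and SQLite stands in for the CMS's real database (it has no `sleep()` function, so an injected call surfaces as a SQL error instead of a delay, which is enough to show that the input reached the SQL parser).

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample schema standing in for the CMS's own uploads table (assumption).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE uploads (id INTEGER PRIMARY KEY, filename TEXT)")
    conn.executemany("INSERT INTO uploads VALUES (?, ?)",
                     [(1, "logo.png"), (2, "banner.jpg")])
    return conn

def lookup_unsafe(conn, raw_id):
    """Vulnerable pattern: the raw GET parameter is pasted into the SQL text.

    Whatever the client sends becomes part of the query. Returns the matching
    filenames, or an 'sql-error: ...' string when the injected text is parsed as SQL.
    """
    sql = f"SELECT filename FROM uploads WHERE id = {raw_id}"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        # The injected text reached the SQL parser: it was treated as code, not as a value.
        return f"sql-error: {exc}"

def lookup_safe(conn, raw_id):
    """Hardened pattern: validate the type, then bind the value as a query parameter.

    Returns None for anything that is not a plain integer id, otherwise the
    matching filenames (an empty list if the id does not exist).
    """
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        return None
    rows = conn.execute("SELECT filename FROM uploads WHERE id = ?",
                        (int(raw_id),)).fetchall()
    return [row[0] for row in rows]

# Detection side: flag requests whose id parameter carries a time-delay call.
TIME_DELAY_CALL = re.compile(r"(?i)\bsleep\s*\(")

def is_time_based_probe(log_line):
    """True when a GET to uploads.php has a sleep(...) call inside its id parameter."""
    match = re.search(r'"GET\s+(\S+)', log_line)
    if not match:
        return False
    path, _, query = match.group(1).partition("?")
    if not path.endswith("uploads.php"):
        return False
    # parse_qs percent-decodes the value, so encoded spaces and parentheses are handled.
    for value in parse_qs(query).get("id", []):
        if TIME_DELAY_CALL.search(value):
            return True
    return False

# Constructed sample access-log lines (not taken from the page); path is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/uploads.php?id=7 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/uploads.php?id=1%20AND%20sleep(7) HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?id=1%20AND%20sleep(7) HTTP/1.1" 200 512',
]

def flagged_lines(lines=SAMPLE_LOG):
    """Return the log lines that look like time-based probes of uploads.php."""
    return [line for line in lines if is_time_based_probe(line)]

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "1 AND sleep(7)"))   # sql-error: the payload was parsed as SQL
    print(lookup_safe(db, "1 AND sleep(7)"))     # None: rejected before any query runs
    print(lookup_safe(db, "2"))                  # ['banner.jpg']
    for line in flagged_lines():
        print("probe:", line)
```

The safe lookup rejects the payload before the database is involved; even without the integer check, binding the value with `?` would make the database compare `id` against the literal string and return no rows rather than executing `sleep(7)`. The log check is deliberately narrow (only the `id` parameter of `uploads.php`) so it can be wired into an alert with few false positives; a 7-second gap in the response-time field, where your log format records one, is the corroborating signal.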
When exploited, this vulnerability can have severe consequences, including unauthorized database access, theft of sensitive data, and wholesale data manipulation. It may also allow attackers to compromise website functionality or integrity. Organizations running Atom.CMS 2.0 risk financial loss, reputational damage, and potential legal liability if the issue is left unresolved, which underscores the need for routine security assessments and timely patching.