CVE-2022-50805
SQL Injection in Senayan LMS 9.0.0 Allows Data Exposure
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| slims.web.id | senayan_library_management_system | 9.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Applying any available patches or updates from the Senayan Library Management System vendor that address this SQL injection vulnerability. 2) If patches are not available, implement input validation and sanitization on the 'class' parameter to prevent injection of malicious SQL code. 3) Employ web application firewalls (WAFs) to detect and block SQL injection attempts targeting the vulnerable parameter. 4) Restrict database permissions to limit the impact of any successful injection. 5) Monitor logs and network traffic for suspicious activity related to this vulnerability. 6) Consider temporarily disabling or restricting access to the vulnerable functionality until a permanent fix is applied. [4, 2]
Can you explain this vulnerability to me?
CVE-2022-50805 is a high-severity SQL injection vulnerability in Senayan Library Management System (SLiMS) version 9.0.0. It exists in the 'class' parameter, which does not properly sanitize input, allowing attackers to inject malicious SQL queries. By submitting specially crafted payloads through this parameter, attackers can manipulate database queries, potentially extracting sensitive information or executing unauthorized commands. [2, 4]
How can this vulnerability impact me? :
This vulnerability can allow attackers to perform blind SQL injection attacks, leading to unauthorized extraction of sensitive information from the database. It may also enable remote code execution or further compromise of the system. Since the attack requires no privileges or user interaction and can be performed remotely over the network, it poses a significant risk to the confidentiality and integrity of the affected system's data. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted GET requests to the vulnerable endpoint of SLiMS 9.0.0, specifically targeting the 'class' parameter with SQL injection payloads. For example, a boolean-based blind SQL injection payload using MySQL's RLIKE operator can be used to test the vulnerability. A sample payload is: reportView=true&year=2002&class=bbbb''' RLIKE (SELECT (CASE WHEN (2547=2547) THEN 0x626262622727 ELSE 0x28 END)) AND 'dLjf'='dLjf&membershipType=a&collType=aaaa. You can use curl or similar tools to send such requests and observe the responses for signs of SQL injection. Additionally, monitoring network traffic for unusual outbound connections triggered by injected payloads (such as attempts to load files from external UNC paths) can help detect exploitation attempts. [4]