Security for everyone

CVE-2022-24223 Scanner

Detects the 'SQL Injection' vulnerability affecting Atom CMS v. 2.0

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

Atom CMS is a content management system designed to help users easily create and manage their websites. It is aimed at providing a simple yet powerful platform for web development, especially for users with limited coding knowledge. The software allows for easy content updates, user management, and customization of web pages through a user-friendly interface. It is particularly popular among small businesses and individual bloggers who require a straightforward solution for their web presence. Version 2.0 of Atom CMS has been identified to contain a critical SQL Injection vulnerability, affecting the security of websites using this version.

The SQL Injection vulnerability in Atom CMS version 2.0 allows attackers to execute arbitrary SQL commands through the admin login page. This vulnerability exposes the system to unauthorized access, where attackers can manipulate the database, access sensitive information, or potentially take control of the affected web application. The issue is particularly severe because it requires no user authentication to exploit, making it accessible to any attacker who can send crafted requests to the vulnerable login page.

The vulnerability is specifically found in the /admin/login.php file, where user input from the email field is improperly sanitized before being used in SQL queries. This allows an attacker to inject malicious SQL code by manipulating the input fields on the login form. By exploiting this flaw, attackers can bypass authentication, retrieve data from the database, or even perform administrative actions without proper credentials. The vulnerability showcases the critical importance of input validation and sanitization in web applications.
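The flaw class described above, modeled as an added example in Python with sqlite3; it is not Atom CMS code and not part of the original page. The `users` table, its columns, the function names and the sample address are assumptions made for illustration, and the hardened function shows the standard fix of binding the email value as a query parameter.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Fixed salt keeps the sample short; real systems use a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()

def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin@example.test", hash_pw("correct horse")))
    return db

def login_vulnerable(db, email, password):
    # Flaw class: the email value becomes part of the SQL text itself, so a
    # quote character in it ends the string literal and rewrites the WHERE clause.
    sql = ("SELECT email FROM users WHERE email = '%s' AND pw_hash = '%s'"
           % (email, hash_pw(password)))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, email, password):
    # Bound parameter: the driver passes email as data, never as SQL syntax.
    row = db.execute("SELECT pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    # Compare the stored hash outside SQL, in constant time.
    return hmac.compare_digest(row[0], hash_pw(password))

# Constructed input: closes the string literal and comments out the password check.
CRAFTED_EMAIL = "admin@example.test' --"

def demo():
    db = make_db()
    return {
        "vulnerable, valid login": login_vulnerable(db, "admin@example.test", "correct horse"),
        "vulnerable, crafted email": login_vulnerable(db, CRAFTED_EMAIL, "wrong"),
        "hardened, valid login": login_hardened(db, "admin@example.test", "correct horse"),
        "hardened, crafted email": login_hardened(db, CRAFTED_EMAIL, "wrong"),
        "hardened, wrong password": login_hardened(db, "admin@example.test", "wrong"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same query text with the value bound instead of interpolated is the whole fix; input filtering on the email field is a secondary control, not a substitute.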

Exploitation of this vulnerability could lead to severe consequences including unauthorized access to the CMS's administrative functions, exposure of sensitive data such as user credentials and personal information, and potential compromise of the entire web application. In the worst-case scenario, attackers could leverage this access to launch further attacks against the website's users or underlying server infrastructure.

By leveraging the SecurityForEveryone platform, users can detect and address vulnerabilities like the SQL Injection in Atom CMS v2.0, ensuring their digital assets are protected against cyber threats. Our platform offers comprehensive scanning capabilities that highlight security weaknesses and provide detailed recommendations for remediation. Joining SecurityForEveryone empowers website owners with the tools and knowledge needed to maintain a secure and trustworthy online presence.

 
