CVE-2022-31945 in Rescue Dispatch Management System
Summary
by MITRE • 06/02/2022
Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 06/05/2022
The vulnerability identified as CVE-2022-31945 affects the Rescue Dispatch Management System version 1.0, specifically targeting the file deletion functionality within the Master.php class. This issue represents a critical path traversal and arbitrary file deletion vulnerability that allows unauthorized attackers to remove any file accessible to the web application's operating system. The vulnerability manifests through the parameter f=delete_img in the URL path, indicating that the application fails to properly validate or sanitize file paths submitted through this interface. The flaw enables attackers to manipulate the file deletion process and potentially remove critical system files, configuration data, or user information stored on the server.
This vulnerability falls under the category of improper input validation and lacks proper access control mechanisms, aligning with CWE-22 Path Traversal and CWE-79 Cross-Site Scripting patterns. The system does not implement adequate sanitization of user-supplied input before processing file operations, creating an environment where attackers can craft malicious requests to target arbitrary files on the server. The absence of proper authentication checks for the delete_img function means that any remote user can exploit this functionality without proper authorization. This weakness directly maps to ATT&CK technique T1078 Valid Accounts and T1486 Data Encrypted for Impact, as it provides attackers with the capability to compromise system integrity and potentially disrupt operations.
The operational impact of this vulnerability extends beyond simple file deletion, as it can lead to complete system compromise and data loss. An attacker could leverage this vulnerability to remove critical application files, configuration databases, or even system binaries that would prevent the application from functioning properly. The vulnerability creates a persistent threat vector that allows attackers to maintain long-term access to compromised systems by deleting forensic evidence or system files that would normally prevent unauthorized modifications. This weakness particularly affects systems where the web application runs with elevated privileges, as the file deletion capability could extend to system-critical files that would otherwise be protected by access controls.
Mitigation strategies for CVE-2022-31945 require immediate implementation of proper input validation and access control measures. The system must validate all user-supplied input through strict sanitization routines that prevent path traversal attacks and ensure that file operations are restricted to authorized directories only. Implementing proper authentication checks for the delete_img function is essential to prevent unauthorized access to file deletion capabilities. Organizations should also establish proper file access controls that limit the web application's ability to delete files outside of designated directories. Additionally, implementing proper logging and monitoring of file operations can help detect and respond to unauthorized file deletion attempts. The remediation process should include updating the application to a patched version that properly validates file paths and implements appropriate access controls, while also conducting comprehensive security testing to ensure that similar vulnerabilities do not exist in other parts of the system.