CVE-2022-40032
Published: 17 February 2023
Summary
CVE-2022-40032 is a critical-severity SQL Injection (CWE-89) vulnerability in Simple Task Managing System Project Simple Task Managing System. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-40032 is a SQL injection vulnerability affecting the Simple Task Managing System version 1.0, specifically in the login.php file where the username and password parameters are processed without adequate sanitization. The flaw is tracked under CWE-89 and carries a CVSS 3.1 base score of 9.8, reflecting network-accessible, low-complexity attack conditions with no required authentication or user interaction.
Unauthenticated remote attackers can supply crafted input to the affected parameters and execute arbitrary SQL commands, enabling them to extract sensitive data, bypass authentication, or run additional code on the underlying database server.
Public references consist primarily of exploit code and the original vulnerable source archive rather than vendor advisories; no official patch or mitigation guidance is documented in the provided materials. The associated EPSS score reached a peak of 0.7898 after disclosure before settling at 0.6402, indicating sustained post-publication exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-43356
Vulnerability details
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.