
CVE-2022-4963: SQL injection in Folio Spring Module Core

CVSS Score: 5.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.24652%
Published: 3/21/2024
Updated: 3/21/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Package Name: org.folio:spring-module-core
Ecosystem: maven
Vulnerable Versions: < 2.0.0
First Patched Version: 2.0.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from two key points: 1) dropSchema in HibernateSchemaService.java executed raw SQL with unvalidated schema names, and 2) getSchema in SchemaService.java did not properly sanitize tenant-derived schema names before 2.0.0. Commit d374a5f fixed this by adding regex validation ([a-zA-Z0-9_]+) in getSchema and using prepared statements where possible. The vulnerability exists in the interaction between these two functions: unvalidated output from getSchema became dangerous input to dropSchema's SQL commands.
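Schema names are SQL identifiers and cannot be bound as prepared-statement parameters, so the allow-list check described above is the control that matters. The following is an added example, not Folio's code, modelling that check: getSchema accepts only names matching [a-zA-Z0-9_]+ (the length cap and the simplified tenant-to-schema mapping are assumptions of this example) before dropSchemaSql interpolates the name into DDL.

```java
import java.util.regex.Pattern;

/**
 * Added example (not Folio's code): allow-list validation of a tenant-derived
 * schema name before it is used in DDL, modelled on the fix the advisory
 * describes (regex [a-zA-Z0-9_]+ added to getSchema).
 */
public final class SchemaNameGuard {
    // Same character class the advisory names; anchored so the whole name must match.
    private static final Pattern SAFE_SCHEMA = Pattern.compile("^[a-zA-Z0-9_]+$");
    // Assumption for this example: a PostgreSQL-style 63-character identifier limit.
    private static final int MAX_LEN = 63;

    /** Returns the schema name for a tenant, or throws if it is not a safe identifier. */
    static String getSchema(String tenantId) {
        if (tenantId == null || tenantId.isEmpty() || tenantId.length() > MAX_LEN
                || !SAFE_SCHEMA.matcher(tenantId).matches()) {
            throw new IllegalArgumentException("tenant id is not a valid schema name");
        }
        return tenantId; // simplified mapping: the validated tenant id is the schema name
    }

    /** Builds the DROP SCHEMA statement; safe only because getSchema already validated the name. */
    static String dropSchemaSql(String tenantId) {
        String schema = getSchema(tenantId);
        return "DROP SCHEMA IF EXISTS " + schema + " CASCADE";
    }

    public static void main(String[] args) {
        System.out.println(dropSchemaSql("diku_mod_users")); // constructed, well-formed tenant id

        // Constructed inputs the validator must reject: quote, statement separator,
        // comment marker, whitespace, and an empty name.
        String[] mustReject = { "tenant\"; --", "tenant; DROP SCHEMA other", "a b", "" };
        for (String t : mustReject) {
            try {
                dropSchemaSql(t);
                System.out.println("ACCEPTED (validation bug): " + t);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: [" + t + "]");
            }
        }
    }
}
```

Anything the regex admits is a bare identifier with no quoting, separator or comment characters, which is why concatenation after the check no longer changes the statement's structure.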


WAF Protection Rules

WAF Rule

A vulnerability was found in Folio Spring Module Core before 2.0.0. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler.
