CVE-2022-0944

HIGH

sqlpad < 6.10.1 - Remote Code Execution via Template Injection in Connection Test Endpoint


Exploitation Summary

EIP tracks 10 public exploits for CVE-2022-0944. PoCs published by 0xRoqeeb, shhrew, FlojBoj.

AI-analyzed exploit summary: This repository contains a Python-based exploit for CVE-2022-0944, targeting SQLPad's `/api/test-connection` endpoint to achieve blind RCE via a crafted payload. The exploit sends a reverse shell to a specified attacker IP and port.

Description

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

Exploits (10)

nomisec WORKING POC 9 stars
by 0xRoqeeb · poc
https://github.com/0xRoqeeb/sqlpad-rce-exploit-CVE-2022-0944

This repository contains a Python-based exploit for CVE-2022-0944, targeting SQLPad's `/api/test-connection` endpoint to achieve blind RCE via a crafted payload. The exploit sends a reverse shell to a specified attacker IP and port.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad versions up to (excluding) 6.10.1
No auth needed
Prerequisites: Python 3.x · requests library · Netcat listener setup on attacker's machine
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 7 stars
by shhrew · poc
https://github.com/shhrew/CVE-2022-0944

This is a functional proof-of-concept exploit for CVE-2022-0944, targeting SQLPad's RCE vulnerability via the test-connection API endpoint. It leverages a reverse shell payload executed through a crafted name parameter in the API request.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SQLPad 6.10.0
Auth required
Prerequisites: Network access to SQLPad instance · Valid credentials (optional but recommended)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 5 stars
by FlojBoj · poc
https://github.com/FlojBoj/CVE-2022-0944

This exploit leverages a template injection vulnerability in SQLPad to achieve remote command execution. The PoC sends a crafted JSON payload to the `/api/test-connection` endpoint, injecting a Node.js child process execution command.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad <= 6.10.0
Auth required
Prerequisites: Valid credentials for SQLPad · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by Robocopsita · poc
https://github.com/Robocopsita/CVE-2022-0944_RCE_POC

This repository contains a functional proof-of-concept exploit for CVE-2022-0944, targeting SQLPad. The exploit leverages a remote code execution vulnerability by injecting a reverse shell payload via the API endpoint.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad
No auth needed
Prerequisites: Network access to the target SQLPad instance · Listener setup on the attacker's machine
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by LipeOzyy · poc
https://github.com/LipeOzyy/SQLPad-RCE-Exploit-CVE-2022-0944

This PHP exploit targets CVE-2022-0944 in SQLPad, leveraging a template injection vulnerability to execute arbitrary commands and establish a reverse shell. The payload injects a Node.js child_process.exec call to spawn a bash reverse shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad (versions prior to fix for CVE-2022-0944)
No auth needed
Prerequisites: PHP CLI · PHP cURL library · Netcat listener
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by Artemisxxx37 · poc
https://github.com/Artemisxxx37/OverlayFS-PrivEsc-CVE-2022-0944

This repository contains a functional privilege escalation exploit for CVE-2022-0944, targeting a vulnerability in the Linux kernel's OverlayFS subsystem. The exploit leverages improper file handling to escalate privileges, with a detailed README providing mitigation steps and detection methods.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux Kernel (OverlayFS) versions 5.8 to 5.16.11
No auth needed
Prerequisites: Local access to a vulnerable Linux system with OverlayFS mounted · Python environment for the exploit script
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by toneillcodes · poc
https://github.com/toneillcodes/CVE-2022-0944

This is a functional PoC for CVE-2022-0944, an RCE vulnerability in SQLPad. It exploits a server-side template injection flaw to execute arbitrary commands, demonstrated via a reverse shell payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad (versions prior to fix for CVE-2022-0944)
No auth needed
Prerequisites: Network access to the SQLPad API endpoint · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by NeoArtemis37 · poc
https://github.com/NeoArtemis37/OverlayFS-PrivEsc-CVE-2022-0944

The repository contains a functional exploit for CVE-2022-0944, targeting a privilege escalation vulnerability in OverlayFS. The exploit leverages crafted file operations to gain root privileges on affected Linux kernels (5.8 <= kernel < 5.16.12).

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux Kernel OverlayFS (5.8 <= kernel < 5.16.12)
No auth needed
Prerequisites: Local access to the system · OverlayFS mounted · Vulnerable kernel version
devstral-2 · analyzed Apr 10, 2026

nomisec WORKING POC
by 0xDTC · poc
https://github.com/0xDTC/SQLPad-6.10.0-Exploit-CVE-2022-0944

This Bash script exploits CVE-2022-0944 in SQLPad 6.10.0 by injecting malicious commands into the MySQL connection settings, leveraging Node.js `child_process` to achieve remote code execution (RCE) via a reverse shell.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SQLPad 6.10.0
No auth needed
Prerequisites: Netcat listener on attacker's machine · Network access to vulnerable SQLPad instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Philip-Otter · poc
https://github.com/Philip-Otter/CVE-2022-0944_RCE_Automation

This is a functional PoC exploit for CVE-2022-0944, which leverages a template injection vulnerability in the target software to achieve remote code execution (RCE). The exploit automates the process by sending a malicious payload to the API endpoint and optionally setting up a listener to capture command output.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a web application with API endpoints)
No auth needed
Prerequisites: Network access to the target API endpoint · Python 3.11.9 or similar environment
devstral-2 · analyzed Feb 16, 2026

References (2)

Exploit, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/46630727-d923-4444-a421-537ecd63e7fb

Scores

CVSS v3: 7.2
EPSS: 0.7297
EPSS Percentile: 98.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-1336, CWE-94
Status: published
Products (1): sqlpad/sqlpad < 6.10.1
Published: Mar 15, 2022
Tracked Since: Feb 18, 2026