CVE-2022-21644

Опубликовано: 04 янв. 2022

Источник: nvd

CVSS3: 9.1

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.

Ссылки

https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
Patch
Third Party Advisory
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h
Third Party Advisory
https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
Patch
Third Party Advisory
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:useful_simple_open-source_cms_project:useful_simple_open-source_cms:*:*:*:*:*:*:*:*

Версия до pb2.4bfx2 (исключая)

EPSS

Процентиль: 51%

0.00274

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

EPSS

Процентиль: 51%

0.00274

Низкий

9.1 Critical

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89