CVE-2022-3801

Опубликовано: 01 нояб. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.

Ссылки

https://github.com/IBAX-io/go-ibax/issues/2062
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.212637
Third Party Advisory
https://github.com/IBAX-io/go-ibax/issues/2062
Issue Tracking
Third Party Advisory
https://vuldb.com/?id.212637
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibax:go-ibax:-:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01956

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-707

CWE-89

Связанные уязвимости

GHSA-m738-584h-26p6

CVSS3: 8.8

github

больше 3 лет назад

IBAX go-ibax vulnerable to SQL injection

EPSS

Процентиль: 83%

0.01956

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-707

CWE-89