CVE-2022-21643
CRITICAL 10.0
Description
USOC is an open source CMS with a focus on simplicity. In affected versions, USOC allows for SQL injection via register.php. In particular, usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.
CVE details
CVSS v3.1 score: 10.0
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/4/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
useful_simple_open-source_cms_project:useful_simple_open-source_cms
Weaknesses (CWE)
CWE-89
References
https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69 (security-advisories@github.com)
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc (security-advisories@github.com)
https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.