CVE-2022-21644

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21644
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21644.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-21644
Related
  • GHSA-89jg-6fr3-9q4h
Published
2022-01-04T20:15:07Z
Modified
2025-01-08T14:02:07.668045Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

USOC is an open source CMS with a focus on simplicity. In affected versions, USOC allows for SQL injection via usersearch.php. Search terms provided by the user were not sanitized and were used directly to construct a SQL statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.

References

Affected packages

Git / github.com/aaron-junker/usoc

Affected ranges

Type
GIT
Repo
https://github.com/aaron-junker/usoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Pa1.*

Pa1.0Bfx0

Pb1.*

Pb1.0Bfx0
Pb1.0Bfx1
Pb1.0Bfx1,Pre-beta
Pb1.0Bfx2
Pb1.1Bfx0
Pb1.2Bfx0
Pb1.3Bfx0
Pb1.4Bfx0
Pb1.5Bfx0
Pb1.6Bfx0
Pb1.7Bfx0
Pb1.8Bfx0

Pb2.*

Pb2.0Bfx0
Pb2.0Bfx0RCA
Pb2.0Bfx1
Pb2.1Bfx0
Pb2.2Bfx0
Pb2.3Bfx0
Pb2.4Bfx0
Pb2.4Bfx1