CVE-2022-21643
USOC is an open source CMS with a focus on simplicity. In affected versions, USOC allows SQL injection via register.php. In particular, usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.
Published at: 2022-01-04
Modified: 2022-01-04
CONFIRM: https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc
MISC: https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69
Vulnerability RAW
{
"Title": {
"_text": "CVE-2022-21643"
},
"Notes": {
"Note": [
{
"_text": "USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue."
},
{
"_text": "2022-01-04"
},
{
"_text": "2022-01-04"
}
]
},
"CVE": {
"_text": "CVE-2022-21643"
},
"References": {
"Reference": [
{
"URL": {
"_text": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc"
},
"Description": {
"_text": "CONFIRM:https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc"
}
},
{
"URL": {
"_text": "https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69"
},
"Description": {
"_text": "MISC:https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a0b69"
}
}
]
}
}