CVE-2022-21644
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
Published at
2022-01-04
12 days ago
Modified
2022-01-04
12 days ago
2022
Year
The year of the turtle
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h
CONFIRM:https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h
https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
MISC:https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
Vulnerability RAW
{
"Title": {
"_text": "CVE-2022-21644"
},
"Notes": {
"Note": [
{
"_text": "USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue."
},
{
"_text": "2022-01-04"
},
{
"_text": "2022-01-04"
}
]
},
"CVE": {
"_text": "CVE-2022-21644"
},
"References": {
"Reference": [
{
"URL": {
"_text": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h"
},
"Description": {
"_text": "CONFIRM:https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h"
}
},
{
"URL": {
"_text": "https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa"
},
"Description": {
"_text": "MISC:https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa"
}
}
]
}
}