Lucene search

[email protected]CVE-2022-36030

HistoryAug 20, 2022 - 12:15 a.m.

CVE-2022-36030

2022-08-2000:15:42

CWE-89

[email protected]

web.nvd.nist.gov

project-nexus

sql injection

security

vulnerability

website framework

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.

Affected configurations

Vulners

NVD

Node

vinsdragonisproject_nexusRange≤1.0.1

CPENameOperatorVersion
project-nexus_project:project-nexusproject-nexus project project-nexuseq1.0.1

CPE	Name	Operator	Version
project-nexus_project:project-nexus	project-nexus project project-nexus	eq	1.0.1

CNA Affected

[
  {
    "product": "Project-Nexus",
    "vendor": "vinsdragonis",
    "versions": [
      {
        "status": "affected",
        "version": "<= 1.0.1"
      }
    ]
  }
]

References

github.com/vinsdragonis/Project-Nexus/security/advisories/GHSA-3pv7-25cc-mjvv

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVE-2022-36030

cvelist1 nvd1 prion1 osv1