History: Apr 03, 2023 - 3:15 p.m.

CVE-2022-38922

2023-04-03 15:15:18
CWE-89
mitre
web.nvd.nist.gov
bluepage cms
mysql injection
http header
cookie
nvd

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.001
Percentile: 51.6%

BluePage CMS through 3.9 processes an insufficiently sanitized HTTP Cookie header value, allowing MySQL injection in the ‘users-cookie-settings’ token using a time-based blind SLEEP payload.

Affected configurations

Nvd
Node: iss-oberlausitz bluepage_cms, Range 3.9

Vendor: iss-oberlausitz
Product: bluepage_cms
Version: *
CPE: cpe:2.3:a:iss-oberlausitz:bluepage_cms:*:*:*:*:*:*:*:*
