CVE-2022-2067 SQL Injection in francoisjacquet/rosariosis

2022-06-1312:20:13

CWE-89

@huntrdev

www.cve.org

cve-2022-2067

github repository

sql injection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.

CNA Affected

[
  {
    "product": "francoisjacquet/rosariosis",
    "vendor": "francoisjacquet",
    "versions": [
      {
        "lessThan": "9.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]