Lucene search

TwcertCVELIST:CVE-2022-38118

HistoryAug 30, 2022 - 12:00 a.m.

CVE-2022-38118 HGiga OAKlouds - SQL Injection

2022-08-3000:00:00

CWE-89

twcert

www.cve.org

oaklouds

portal

meeting room

sql injection

vulnerability

remote attacker

user privilege

database

system operations

service disruption

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.

CNA Affected

[
  {
    "platforms": [
      "OAKlouds-mol_metting-2.0"
    ],
    "product": "OAKlouds",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThanOrEqual": "OAKlouds-mol_metting-2.0-163",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "OAKlouds-mol_metting-3.0"
    ],
    "product": "OAKlouds",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThanOrEqual": "OAKlouds-mol_metting-3.0-163",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87

www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVELIST:CVE-2022-38118