Lucene search

[email protected]NVD:CVE-2022-36529

HistoryAug 26, 2022 - 7:15 p.m.

CVE-2022-36529

2022-08-2619:15:07

CWE-89

[email protected]

web.nvd.nist.gov

kensite cms

sql injection

dbmapper

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.1%

JSON

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.

Affected configurations

Nvd

Node

kensite_cms_projectkensite_cmsMatch1.0

VendorProductVersionCPE
kensite_cms_projectkensite_cms1.0cpe:2.3:a:kensite_cms_project:kensite_cms:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kensite_cms_project	kensite_cms	1.0	cpe:2.3:a:kensite_cms_project:kensite_cms:1.0:::::::*

References

github.com/seeyoui/kensite_cms

github.com/xdon9/xdon/blob/main/kensite_cms

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.1%

JSON

Related for NVD:CVE-2022-36529

cve1 prion1 cvelist1