Lucene search

GoogleOSV:CVE-2022-23046

HistoryJan 19, 2022 - 9:15 p.m.

CVE-2022-23046

2022-01-1921:15:09

Google

osv.dev

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

92.0%

JSON

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the “subnet” parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php

CPENameOperatorVersion
phpipameq1.4.0
phpipameq1.4.2
phpipameq1.3.0
phpipameq1.3.2
phpipameq1.4.3
phpipameq1.4.1
phpipameq1.19.008
phpipameq1.2.0_beta2
phpipameq1.4.4
phpipameq1.16.003

Name	Operator	Version
phpipam	eq	1.4.0
phpipam	eq	1.4.2
phpipam	eq	1.3.0
phpipam	eq	1.3.2
phpipam	eq	1.4.3
phpipam	eq	1.4.1
phpipam	eq	1.19.008
phpipam	eq	1.2.0_beta2
phpipam	eq	1.4.4
phpipam	eq	1.16.003

Rows per page:

1-10 of 111

References

packetstormsecurity.com/files/165683/PHPIPAM-1.4.4-SQL-Injection.html

fluidattacks.com/advisories/mercury/

github.com/phpipam/phpipam/releases/tag/v1.4.5

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

92.0%

JSON

Related for OSV:CVE-2022-23046