CVE-2022-21666
SQL Injection in useredit.php
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`.
Useful Simple Open-Source CMS (USOC) es un sistema de administración de contenidos (CMS) para programadores. Las versiones anteriores a Pb2.4Bfx3, permitían una inyección de Sql en el archivo usersearch.php sólo para usuarios con privilegios administrativos. Los usuarios deben sustituir el archivo "admin/pages/useredit.php" por una versión más reciente. La versión Pb2.4Bfx3 de USOC contiene una versión corregida de "admin/pages/useredit.php"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-16 CVE Reserved
- 2022-01-10 CVE Published
- 2023-08-03 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3 | Release Notes | |
| https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10 | 2022-01-19 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Useful Simple Open-source Cms Project Search vendor "Useful Simple Open-source Cms Project" | Useful Simple Open-source Cms Search vendor "Useful Simple Open-source Cms Project" for product "Useful Simple Open-source Cms" | < pb2.4bfx3 Search vendor "Useful Simple Open-source Cms Project" for product "Useful Simple Open-source Cms" and version " < pb2.4bfx3" | - |
Affected
| ||||||