// For flags

CVE-2022-4860

KBase Metrics methods_upload_user_stats.py upload_user_data sql injection

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059.

Se encontró una vulnerabilidad en KBase Metrics. Ha sido clasificada como crítica. Esto afecta la función upload_user_data del archivo source/daily_cron_jobs/methods_upload_user_stats.py. La manipulación conduce a la inyección de SQL. El nombre del parche es 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-217059.

Es wurde eine Schwachstelle in KBase Metrics ausgemacht. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion upload_user_data der Datei source/daily_cron_jobs/methods_upload_user_stats.py. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

*Credits: VulDB GitHub Commit Analyzer
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-12-30 CVE Reserved
  • 2022-12-30 CVE Published
  • 2024-07-22 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kbase
Search vendor "Kbase"
 Metrics
Search vendor "Kbase" for product "Metrics"
 < 2022-05-22
Search vendor "Kbase" for product "Metrics" and version " < 2022-05-22"
-
Affected