Severity: 8.8 HIGH (NVD), GHSA 7.8, CISA 7.8
EPSS: 0.3% (top 46.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 25
Latest update: Jul 6

Description

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

Packagist: forkcms/forkcms < 5.11.1
NVD: fork-cms/fork_cms < 5.11.1
CVEListV5: forkcms/forkcms_forkcms unspecified 5.11.1
npm: snyk/snyk_cli < 1.1064.0

Patches

🔴 Vulnerability Details (4)

GHSA: snyk Code Injection vulnerability (2023-07-06)
GHSA: Snyk plugins vulnerable to Command Injection (2022-11-30)
GHSA: SQL Injection in Fork CMS (2022-03-26)
OSV: SQL Injection in Fork CMS (2022-03-26)

📋 Vendor Advisories (2)

Red Hat: snyk: snyk-hex-plugin: command injection (2022-11-30)
CISA: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability (2022-03-15)
CVE-2022-1064 — SQL Injection in Forkcms Forkcms | cvebase