CVE-2022-3800
published 2022-11-01CVE-2022-3800: A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
2.24%
80.6th percentile
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | ibax-io_go-ibax | >= 0 < 1.4.2 | 1.4.2 |
| ibax | go-ibax | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect time-based blind SQL injection attempts against /api/v2/open/rowsInfo by monitoring POST requests where the `table_name` parameter contains SQL metacharacters or sleep/delay payloads (e.g., pg_sleep). ↗
- →A successful exploitation response will return HTTP 200 with Content-Type application/json and body containing the string 'usesysid', indicating pg_user table data was leaked. ↗
- →Alert on POST requests to /api/v2/open/rowsInfo with a response duration >= 6 seconds, which is indicative of a successful time-based SQL injection using pg_sleep(6). ↗
- →The attack requires authentication (PR:L per CVSS), so monitor for authenticated POST requests to the /api/v2/open/rowsInfo endpoint with anomalous table_name values. ↗
- ·The Nuclei template uses a 15-second HTTP timeout to accommodate the pg_sleep(6) delay payload; detection rules based on response time should account for network latency and set thresholds accordingly. ↗
- ·The SQL injection payload is PostgreSQL-specific (pg_sleep, pg_user, usesysid); detection signatures should be scoped to environments running PostgreSQL as the backend database for IBAX go-ibax. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
osv·2024-06-05
CVE-2022-3800 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
GHSA
IBAX go-ibax vulnerable to SQL injection
ghsa·2022-11-01
CVE-2022-3800 [HIGH] CWE-89 IBAX go-ibax vulnerable to SQL injection
IBAX go-ibax vulnerable to SQL injection
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
OSV
IBAX go-ibax vulnerable to SQL injection
osv·2022-11-01
CVE-2022-3800 [HIGH] IBAX go-ibax vulnerable to SQL injection
IBAX go-ibax vulnerable to SQL injection
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
No detection rules found.
Nuclei
IBAX - SQL Injection
nuclei·CVSS 8.8
CVE-2022-3800 [HIGH] IBAX - SQL Injection
IBAX - SQL Injection
IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2022-3800
info:
name: IBAX - SQL Injection
author: JC175
severity: high
description: |
IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized a
2022-11-01
Published