CVE-2022-3800
published 2022-11-01

Priority: P2 63
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.24% (80.6th percentile)

A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
github.com | ibax-io_go-ibax | >= 0 < 1.4.2 | 1.4.2
ibax | go-ibax | |

Detection & IOCs (extracted from sources)

path: /api/v2/open/rowsInfo
command: order=1&table_name=pg_user"%3b+select+pg_sleep(6)%3b+--"&limit=1&page=1
  • Detect time-based blind SQL injection attempts against /api/v2/open/rowsInfo by monitoring POST requests where the `table_name` parameter contains SQL metacharacters or sleep/delay payloads (e.g., pg_sleep).
  • A successful exploitation response will return HTTP 200 with Content-Type application/json and body containing the string 'usesysid', indicating pg_user table data was leaked.
  • Alert on POST requests to /api/v2/open/rowsInfo with a response duration >= 6 seconds, which is indicative of a successful time-based SQL injection using pg_sleep(6).
  • The attack requires authentication (PR:L per CVSS), so monitor for authenticated POST requests to the /api/v2/open/rowsInfo endpoint with anomalous table_name values.
  • The Nuclei template uses a 15-second HTTP timeout to accommodate the pg_sleep(6) delay payload; detection rules based on response time should account for network latency and set thresholds accordingly.
  • The SQL injection payload is PostgreSQL-specific (pg_sleep, pg_user, usesysid); detection signatures should be scoped to environments running PostgreSQL as the backend database for IBAX go-ibax.
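
The detection points above, combined into one triage function, as an added example that is not code from this page or from the go-ibax project. The record field names, the allowlist of plain table names and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/api/v2/open/rowsInfo"
# Assumption: legitimate table names use only letters, digits and underscores.
PLAIN_NAME = re.compile(r"[A-Za-z0-9_]+")
DELAY_CALL = re.compile(r"pg_sleep\s*\(", re.IGNORECASE)
SLOW_SECONDS = 6.0  # the pg_sleep(6) delay; tune for network latency

def findings(event):
    """Return indicator names for one request/response record."""
    if event["method"] != "POST" or event["path"].split("?")[0] != ENDPOINT:
        return []
    found = []
    # parse_qs URL-decodes the form body, so %3b and + are seen as ';' and ' '.
    for value in parse_qs(event["body"], keep_blank_values=True).get("table_name", []):
        if not PLAIN_NAME.fullmatch(value):
            found.append("table_name_not_plain")
        if DELAY_CALL.search(value):
            found.append("table_name_delay_call")
    if event["duration_s"] >= SLOW_SECONDS:
        found.append("slow_response")
    if (event["status"] == 200 and "application/json" in event["content_type"]
            and "usesysid" in event["response_body"]):
        found.append("usesysid_in_response")
    return found

def severity(found):
    """Injection indicator plus a success signal is high; either alone is lower."""
    injected = any(name.startswith("table_name_") for name in found)
    succeeded = "slow_response" in found or "usesysid_in_response" in found
    if injected and succeeded:
        return "high"
    if injected:
        return "medium"
    return "low" if found else "none"

def record(body, duration_s, response_body):
    # Constructed sample record; a real pipeline would read these from proxy logs.
    return {"method": "POST", "path": ENDPOINT, "body": body, "status": 200,
            "duration_s": duration_s, "content_type": "application/json",
            "response_body": response_body}

SAMPLES = [  # constructed data, not captured traffic
    record("order=1&table_name=keys&limit=1&page=1", 0.04, '{"list":[]}'),
    record("order=1&table_name=keys&limit=1&page=1", 7.9, '{"list":[]}'),
    record('order=1&table_name=pg_user"%3b+select+pg_sleep(6)%3b+--"&limit=1&page=1',
           6.2, '{"list":[{"usesysid":"10"}]}'),
]

if __name__ == "__main__":
    for event in SAMPLES:
        print(severity(findings(event)), findings(event))
```

A slow response with a plain table_name rates only "low", which keeps ordinary latency spikes from paging anyone while still surfacing them for review.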