CVE-2022-3802
published 2022-11-01CVE-2022-3802: A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The…
PriorityP351high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.51%
39.3th percentile
A vulnerability has been found in IBAX go-ibax and classified as critical. This vulnerability affects unknown code of the file /api/v2/open/rowsInfo. The manipulation of the argument where leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212638 is the identifier assigned to this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | ibax-io_go-ibax | >= 0 < 1.4.2 | 1.4.2 |
| ibax | go-ibax | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
osv·2024-06-05
CVE-2022-3802 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
GHSA
IBAX go-ibax vulnerable to SQL injection
ghsa·2022-11-01
CVE-2022-3802 [HIGH] CWE-89 IBAX go-ibax vulnerable to SQL injection
IBAX go-ibax vulnerable to SQL injection
SQL Injection vulnerability in `/packages/api/database.go` of go-ibax via `where` parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects versions starting from commits on Jul 18, 2020.
OSV
IBAX go-ibax vulnerable to SQL injection
osv·2022-11-01
CVE-2022-3802 [HIGH] IBAX go-ibax vulnerable to SQL injection
IBAX go-ibax vulnerable to SQL injection
SQL Injection vulnerability in `/packages/api/database.go` of go-ibax via `where` parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects versions starting from commits on Jul 18, 2020.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-01
Published