Vulnerability Description
USOC is an open source CMS with a focus on simplicity. In affected versions, USOC allows SQL injection via register.php. In particular, usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a SQL statement. Users are advised to upgrade as soon as possible. There are no workarounds for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Useful Simple Open-Source Cms Project | Useful Simple Open-Source Cms | < pb2.4bfx2 |
Related Weaknesses (CWE)
References
- https://github.com/Aaron-Junker/USOC/commit/21e8bfd7a9ab0b7f9344a7a3a7c32a7cdd5a (Patch, Third Party Advisory)
- https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-fjp4-phjh-jgmc (Third Party Advisory)
FAQ
What is CVE-2022-21643?
CVE-2022-21643 is a vulnerability with a CVSS score of 10.0 (CRITICAL). USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user...
How severe is CVE-2022-21643?
CVE-2022-21643 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-21643?
Check the references section above for vendor advisories and patch information. Affected products include: Useful Simple Open-Source Cms (vendor: Useful Simple Open-Source Cms Project).