Vulnerability Description
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Useful Simple Open-Source Cms Project | Useful Simple Open-Source Cms | < pb2.4bfx2 |
Related Weaknesses (CWE)
References
- https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac90PatchThird Party Advisory
- https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4hThird Party Advisory
- https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac90PatchThird Party Advisory
- https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4hThird Party Advisory
FAQ
What is CVE-2022-21644?
CVE-2022-21644 is a vulnerability with a CVSS score of 9.1 (CRITICAL). USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used dire...
How severe is CVE-2022-21644?
CVE-2022-21644 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-21644?
Check the references section above for vendor advisories and patch information. Affected products include: Useful Simple Open-Source Cms Project Useful Simple Open-Source Cms.