Vulnerability Description
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iss-Oberlausitz | Bluepage Cms | <= 3.9 |
Related Weaknesses (CWE)
References
- https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-3892ExploitThird Party Advisory
- https://www.bluepage-cms.com/index.phpProduct
- https://www.iss-oberlausitz.de/index.phpVendor Advisory
- https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-3892ExploitThird Party Advisory
- https://www.bluepage-cms.com/index.phpProduct
- https://www.iss-oberlausitz.de/index.phpVendor Advisory
FAQ
What is CVE-2022-38923?
CVE-2022-38923 is a vulnerability with a CVSS score of 9.8 (CRITICAL). BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.
How severe is CVE-2022-38923?
CVE-2022-38923 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-38923?
Check the references section above for vendor advisories and patch information. Affected products include: Iss-Oberlausitz Bluepage Cms.