Vulnerability Description
A vulnerability classified as critical was found in visegripped Stracker. It affects the function getHistory in the file doc_root/public_html/stracker/api.php. Manipulating the arguments symbol, startDate or endDate leads to SQL injection. The identifier of the patch is 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. Applying the patch is recommended to fix this issue. The identifier VDB-218377 was assigned to this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stracker Project | Stracker | < 2022-04-09 |
Related Weaknesses (CWE)
References
- https://github.com/visegripped/stracker/commit/63e1b040373ee5b6c7d1e165ecf5ae160 (Patch)
- https://github.com/visegripped/stracker/pull/16 (Patch)
- https://vuldb.com/?ctiid.218377 (Permissions Required)
- https://vuldb.com/?id.218377 (Permissions Required)
FAQ
What is CVE-2022-4889?
CVE-2022-4889 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation ...
How severe is CVE-2022-4889?
CVE-2022-4889 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-4889?
Check the references section above for vendor advisories and patch information. Affected products include: Stracker Project Stracker.