CVE-2022-036226.01.2022, 13:15SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.SQL InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H@huntrdevCNA6.7 MEDIUMNETWORKLOWHIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:LCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 49%VendorProductVersionshowdocshowdoc𝑥< 2.10.3𝑥= Vulnerable software versionsKnown Exploits!https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091https://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091Common Weakness EnumerationCWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Referenceshttps://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fbhttps://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091https://github.com/star7th/showdoc/commit/2b34e267e4186125f99bfa420140634ad45801fbhttps://huntr.dev/bounties/e7c72417-eb8f-416c-8480-be76ac0a9091