CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Common Weakness Enumeration
References
https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h
https://github.com/Aaron-Junker/USOC/commit/06217c66c8f9b114726b21633eabcd88ac9034aa
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-89jg-6fr3-9q4h