CVE-2022-38118

EUVD-2022-40720
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
hgigaoaklouds_portal
2.0 ≤
𝑥
≤ 2.0-163
hgigaoaklouds_portal
3.0 ≤
𝑥
≤ 3.0-163
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87
https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html
https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87
https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html