CVE-2022-1531
CRITICALrtx < 2022-04-20 - SQL Injection in ARAX-UI Synonym Lookup
Title source: llmDescription
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe
Patch, Third Party Advisory x_refsource_misc
https://github.com/rtxteam/rtx/commit/fa2797e656e3dba18f990a2db1f0f029d41f1921
Scores
CVSS v3
9.8
EPSS
0.0348
EPSS Percentile
87.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
rtx_project/rtx
< 2022-04-20
Published
Apr 29, 2022
Tracked Since
Feb 18, 2026