CVE-2022-21643

CRITICAL

useful_simple_open-source_cms < pb2.4bfx2 - SQL Injection via register.php

Title source: llm
STIX 2.1

Description

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.

References (2)

Core 2

Scores

CVSS v3 10.0
EPSS 0.0120
EPSS Percentile 64.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
useful_simple_open-source_cms_project/useful_simple_open-source_cms < pb2.4bfx2
Published Jan 04, 2022
Tracked Since Feb 18, 2026