CVE-2022-3800
MEDIUM NUCLEIIBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo table_name Parameter
Title source: llmExploitation Summary
CVE-2022-3800 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212636.
Nuclei Templates (1)
IBAX - SQL Injection
HIGHby JC175
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory
https://github.com/IBAX-io/go-ibax/issues/2061
Third Party Advisory
https://vuldb.com/?id.212636
Scores
CVSS v3
6.3
EPSS
0.0224
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
CWE-707
Status
published
Products (2)
ibax/go-ibax
IBAX-io/go-ibax
0 - 1.4.2Go
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026