CVE-2022-3801
MEDIUM EXPLOITEDIBAX go-ibax < 1.4.2 - SQL Injection via /api/v2/open/rowsInfo Order Parameter
Title source: llmExploitation Summary
CVE-2022-3801 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory
https://github.com/IBAX-io/go-ibax/issues/2062
Third Party Advisory
https://vuldb.com/?id.212637
Scores
CVSS v3
6.3
EPSS
0.3008
EPSS Percentile
98.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
VulnCheck KEV
2023-11-13
CWE
CWE-89
CWE-707
Status
published
Products (2)
ibax/go-ibax
IBAX-io/go-ibax
0 - 1.4.2Go
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026