CVE-2022-38118

HIGH

OAKlouds Portal 2.0-<2.0-163 - Authenticated SQL Injection via Meeting Room Input

Title source: llm
STIX 2.1

Description

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html

Scores

CVSS v3 8.8
EPSS 0.0136
EPSS Percentile 68.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
hgiga/oaklouds_portal 2.0 - 2.0-163
Published Aug 30, 2022
Tracked Since Feb 18, 2026