CVE-2022-39303

HIGH

ree6 < 1.7.0 - SQL Injection

Title source: llm
STIX 2.1

Description

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.

References (2)

Core 2

Scores

CVSS v3 8.1
EPSS 0.0070
EPSS Percentile 49.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
ree6/ree6 < 1.7.0
Published Oct 13, 2022
Tracked Since Feb 18, 2026