CVE-2022-0495 - OpenCVE

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Parantezteknoloji	Koha Library Automation

Configuration 1 [-]

cpe:2.3:a:parantezteknoloji:koha_library_automation:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-22-0635

History

Tue, 17 Sep 2024 01:00:00 +0000

Type	Values Removed	Values Added
Description	The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.	The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
Title	SQL Injection in KOHA	SQL Injection in KOHA

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2022-09-21T08:45:20.355057Z

Updated: 2024-09-17T00:51:12.086Z

Reserved: 2022-02-04T00:00:00

Link: CVE-2022-0495

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-21T09:15:09.187

Modified: 2024-09-17T01:15:49.137

Link: CVE-2022-0495

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Parantez Teknoloji", "vendor": "Parantez Teknoloji", "versions": [{"lessThan": "19.05.03", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bartu Utku Sarp"}], "datePublic": "2022-09-20T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.</p>"}], "value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-09-03T15:52:28.115Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.usom.gov.tr/bildirim/tr-22-0635"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor. </p>"}], "value": "Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor."}], "source": {"advisory": "TR-22-0635", "defect": ["TR-22-0635"], "discovery": "EXTERNAL"}, "title": "SQL Injection in KOHA", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@usom.gov.tr", "DATE_PUBLIC": "2022-09-21T08:00:00.000Z", "ID": "CVE-2022-0495", "STATE": "PUBLIC", "TITLE": "SQL Injection in KOHA"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Parantez Teknoloji", "version": {"version_data": [{"version_affected": "<", "version_value": "19.05.03"}]}}]}, "vendor_name": "Parantez Teknoloji"}]}}, "credit": [{"lang": "eng", "value": "Bartu Utku Sarp"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.usom.gov.tr/bildirim/tr-22-0635", "refsource": "CONFIRM", "url": "https://www.usom.gov.tr/bildirim/tr-22-0635"}]}, "solution": [{"lang": "en", "value": "Vulnerable KOHA module should be updated to the 19.05.03.01 version provided by the vendor."}], "source": {"advisory": "TR-22-0635", "defect": ["TR-22-0635"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.187Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-22-0635"}]}]}, "cveMetadata": {"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "assignerShortName": "TR-CERT", "cveId": "CVE-2022-0495", "datePublished": "2022-09-21T08:45:20.355057Z", "dateReserved": "2022-02-04T00:00:00", "dateUpdated": "2024-09-17T00:51:12.086Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:parantezteknoloji:koha_library_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0536BE0-8CF1-47AB-B054-4F0F488AE5A4", "versionEndExcluding": "19.05.03.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."}, {"lang": "es", "value": "El producto del sistema de automatizaci\u00f3n de bibliotecas KOHA desarrollado por Parantez Teknoloji versiones anteriores a 19.05.03, presenta una vulnerabilidad de inyecci\u00f3n SQL no autenticada. Esto ha sido corregido en versi\u00f3n 19.05.03.01"}], "id": "CVE-2022-0495", "lastModified": "2024-09-17T01:15:49.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "iletisim@usom.gov.tr", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-09-21T09:15:09.187", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-22-0635"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Secondary"}]}