CVE-2022-21666 - OpenCVE

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Useful Simple Open-source Cms Project	Useful Simple Open-source Cms

Configuration 1 [-]

cpe:2.3:a:useful_simple_open-source_cms_project:useful_simple_open-source_cms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10
https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3
https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-01-10T20:00:12

Updated: 2024-08-03T02:46:39.223Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2022-21666

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-10T20:15:08.247

Modified: 2022-01-19T13:16:20.343

Link: CVE-2022-21666

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "USOC", "vendor": "Aaron-Junker", "versions": [{"status": "affected", "version": "< Pb2.4Bfx3"}]}], "descriptions": [{"lang": "en", "value": "Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-10T20:00:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3"}], "source": {"advisory": "GHSA-557p-hhpc-4wrx", "discovery": "UNKNOWN"}, "title": " SQL Injection in useredit.php", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-21666", "STATE": "PUBLIC", "TITLE": " SQL Injection in useredit.php"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "USOC", "version": {"version_data": [{"version_value": "< Pb2.4Bfx3"}]}}]}, "vendor_name": "Aaron-Junker"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx", "refsource": "CONFIRM", "url": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx"}, {"name": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10", "refsource": "MISC", "url": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10"}, {"name": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3", "refsource": "MISC", "url": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3"}]}, "source": {"advisory": "GHSA-557p-hhpc-4wrx", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:46:39.223Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-21666", "datePublished": "2022-01-10T20:00:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-03T02:46:39.223Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:useful_simple_open-source_cms_project:useful_simple_open-source_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C502D7C-5600-4007-AEA6-18665F44F6D4", "versionEndExcluding": "pb2.4bfx3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`."}, {"lang": "es", "value": "Useful Simple Open-Source CMS (USOC) es un sistema de administraci\u00f3n de contenidos (CMS) para programadores. Las versiones anteriores a Pb2.4Bfx3, permit\u00edan una inyecci\u00f3n de Sql en el archivo usersearch.php s\u00f3lo para usuarios con privilegios administrativos. Los usuarios deben sustituir el archivo \"admin/pages/useredit.php\" por una versi\u00f3n m\u00e1s reciente. La versi\u00f3n Pb2.4Bfx3 de USOC contiene una versi\u00f3n corregida de \"admin/pages/useredit.php\""}], "id": "CVE-2022-21666", "lastModified": "2022-01-19T13:16:20.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-01-10T20:15:08.247", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}