Impact
An unauthenticated SQL injection exists in Metacat’s /harvesterRegistration endpoint; input is concatenated into an INSERT statement without escaping, allowing attackers to inject arbitrary SQL. Because PostgreSQL permits stacked queries, the flaw provides full read, write, and execution rights within the Metacat database context. The vulnerability combines authentication bypass (CWE‑287) and classic SQL injection (CWE‑89).
Affected Systems
The vulnerable product is NCEAS Metacat. Versions 2.0.0 and later are affected until the issue was remediated in Metacat 3.0.0.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity. The EPSS score is less than 1 %, suggesting a low but non‑zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, and the CVE description does not address known public exploits, so it is unclear whether such exploits exist. Based on the description, the likely attack vector is the open /harvesterRegistration endpoint reachable by any client; an attacker who can send HTTP requests to this endpoint can craft parameters that inject SQL, leading to full read, write, and execution rights within the Metacat database context.
OpenCVE Enrichment