CVE-2022-1531

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in rtxteam/rtx

CVSS 10 CRITICALEPSS 3.5%CWE-89

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 10EPSS 3.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 abr 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

rtxteam · rtxteam/rtx

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/rtxteam/rtx/commit/fa2797e656e3dba18f990a2db1f0f029d41f1921 https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe