Skip to main content

Opencats CVE-2022-43023

MEDIUM
SQL Injection (CWE-89)
2022-10-19 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 19, 2022 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

AnalysisAI

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. Affected products include: Opencats.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2022-43019 CRITICAL POC
9.8 Oct 19

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax fu

CVE-2021-41560 CRITICAL POC
9.8 Dec 15

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUti

CVE-2021-25294 CRITICAL POC
9.8 Jan 18

OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. Rated cr

CVE-2026-27760 CRITICAL POC
9.2 Apr 28

Remote code execution in OpenCATS installer allows unauthenticated attackers to inject and execute arbitrary PHP code by

CVE-2019-13358 HIGH POC
7.5 Jul 05

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying opera

CVE-2022-43022 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion func

CVE-2022-43021 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. Rated medium se

CVE-2022-43020 MEDIUM POC
6.5 Oct 19

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update functi

CVE-2023-27293 MEDIUM POC
6.1 Feb 28

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javas

CVE-2022-43018 MEDIUM POC
6.1 Oct 19

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter i

CVE-2022-43017 MEDIUM POC
6.1 Oct 19

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile compone

CVE-2022-43016 MEDIUM POC
6.1 Oct 19

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback componen

Share

CVE-2022-43023 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy