cvelist
@huntrdev
CVELIST:CVE-2022-0944
Mar 15, 2022 - 1:00 a.m.

CVE-2022-0944 Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad

2022-03-15 01:00:15
CWE-1336
@huntrdev
www.cve.org
cve
template injection
rce
github
sqlpad

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.001
Percentile: 45.7%

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

CNA Affected

[
  {
    "product": "sqlpad/sqlpad",
    "vendor": "sqlpad",
    "versions": [
      {
        "lessThan": "6.10.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
