CVE-2022-21643
Published: 04 January 2022
Summary
CVE-2022-21643 is a critical-severity SQL Injection (CWE-89) vulnerability in Useful Simple Open-Source Cms Project Useful Simple Open-Source Cms. Its CVSS base score is 10.0 (Critical).
Operationally, ranked in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-26867
Vulnerability details
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to…
more
construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.