Back to KEVs

CVE-2022-3801

IBAX go-ibax rowsInfo sql injection

Basic Information

CVE State
PUBLISHED
Reserved Date
November 01, 2022
Published Date
November 01, 2022
Last Updated
August 03, 2024
Vendor
IBAX
Product
go-ibax
Description
A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.

CVSS Scores

CVSS v3.1

6.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score

Score
2.69% (Percentile: 85.20%) as of 2025-06-02

Exploit Status

Exploited in the Wild
Yes (2025-05-05 00:00:00 UTC) Source

References

https://github.com/IBAX-io/go-ibax/issues/2062 https://vuldb.com/?id.212637

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-05 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel