KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

6.3

CVSS
Medium

CVE-2022-3801

PUBLISHED

IBAX go-ibax rowsInfo sql injection

Exploited in the wild Remote Low complexity No user interaction

Vendor: IBAX
Product: go-ibax
Published: Nov 01, 2022
EPSS: 2.8% · 86% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212637 was assigned to this vulnerability.

Weaknesses (CWE)

CWE-707

Improper Neutralization
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS scores

CVSS v3.1 6.3 Medium

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitation status

Exploited in the wild

Recorded 2026-06-07 00:00:00 UTC · The Shadowserver (via CIRCL)

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL) First	2026-06-07 00:00 UTC

Timeline

CVE ID Reserved

2022-11-01 00:00 UTC
CVE Published to Public

2022-11-01 00:00 UTC
Added to KEVIntel

2026-06-07 00:00 UTC