CVE-2022-39303

Sažetak

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.

Reference

https://github.com/Ree6-Applications/Ree6/compare/1.6.4...1.7.
https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-69xv-xjfw-4pv8

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-10-2022 - 13:46

Objavljeno

13-10-2022 - 23:15