CVE-2022-1531

Source
https://cve.org/CVERecord?id=CVE-2022-1531
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1531.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1531
Published
2022-04-29T09:10:10Z
Modified
2026-04-10T04:43:08.831843Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in rtxteam/rtx
Details

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1531.json",
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Git / github.com/rtxteam/rtx

Affected ranges

Type
GIT
Repo
https://github.com/rtxteam/rtx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.1
KG2.*
KG2.5.2
KG2.6.0
Other
checkpoint_2022-01-26
checkpoint_2022-02-07
checkpoint_2022-03-30
production_2020-05-08
production_2020-05-12
production_2020-07-21
production_2021-05-05
production_2021-05-21

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1531.json"