CVE-2022-21644

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21644
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21644.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21644
Aliases
  • GHSA-89jg-6fr3-9q4h
Published
2022-01-04T20:00:12Z
Modified
2025-10-22T18:26:45.990841Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
SQL Injection via search in USOC
Details

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.

Database specific 
{
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Git / github.com/aaron-junker/usoc

Affected ranges

Type
GIT
Repo
https://github.com/aaron-junker/usoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d0354751fe68915ef5da9142b4f62e5a551b3198

Affected versions

Pa1.*

Pa1.0Bfx0

Pb1.*

Pb1.0Bfx0
Pb1.0Bfx1
Pb1.0Bfx1,Pre-beta
Pb1.0Bfx2
Pb1.1Bfx0
Pb1.2Bfx0
Pb1.3Bfx0
Pb1.4Bfx0
Pb1.5Bfx0
Pb1.6Bfx0
Pb1.7Bfx0
Pb1.8Bfx0

Pb2.*

Pb2.0Bfx0
Pb2.0Bfx0RCA
Pb2.0Bfx1
Pb2.1Bfx0
Pb2.2Bfx0
Pb2.3Bfx0
Pb2.4Bfx0
Pb2.4Bfx1

Git / github.com/noraa-junker/usoc

Affected ranges

Type
GIT
Repo
https://github.com/noraa-junker/usoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
06217c66c8f9b114726b21633eabcd88ac9034aa

Affected versions

Pa1.*

Pa1.0Bfx0

Pb1.*

Pb1.0Bfx0
Pb1.0Bfx1
Pb1.0Bfx1,Pre-beta
Pb1.0Bfx2
Pb1.1Bfx0
Pb1.2Bfx0
Pb1.3Bfx0
Pb1.4Bfx0
Pb1.5Bfx0
Pb1.6Bfx0
Pb1.7Bfx0
Pb1.8Bfx0

Pb2.*

Pb2.0Bfx0
Pb2.0Bfx0RCA
Pb2.0Bfx1
Pb2.1Bfx0
Pb2.2Bfx0
Pb2.3Bfx0
Pb2.4Bfx0
Pb2.4Bfx1