CVE-2022-41892

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-41892

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41892.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41892

Aliases

Published

2022-11-11T00:00:00Z

Modified

2026-04-10T04:51:53.801706Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L CVSS Calculator

Summary

Arches vulnerable to SQL Injection

Details

Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41892.json"
}

References

Affected packages

Git / github.com/archesproject/arches

Affected ranges

Type: GIT
Repo: https://github.com/archesproject/arches
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7081bd32848084809fd9f497b50c0b0d29b3f848

Affected versions

3.*

3.0.0

3.0.0rc12

3.0.1

3.0.2

3.0.3

3.0.5

3.1.0

3.1.1

3.1.2

4.*

4.0.0

4.0b1

4.0b2

4.0b3

4.4.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41892.json"