CVE-2022-4889

CVSS V2 None CVSS V3 None
Description
A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The name of the patch is 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. It is recommended to apply a patch to fix this issue. The identifier VDB-218377 was assigned to this vulnerability.
Overview
  • CVE ID
  • CVE-2022-4889
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-15T08:15:08
  • Last Modified Date
  • 2023-01-24T16:33:12
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:stracker_project:stracker:*:*:*:*:*:*:*:* 1 OR 2022-04-09
References
Reference URL Reference Tags
https://github.com/visegripped/stracker/commit/63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a
https://github.com/visegripped/stracker/pull/16
https://vuldb.com/?ctiid.218377
https://vuldb.com/?id.218377
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4889
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4889
History
Created Old Value New Value Data Type Notes
2023-01-15 09:14:35 Added to TrackCVE
2023-01-15 09:14:35 Weakness Enumeration new
2023-01-17 14:14:57 2023-01-17T13:24:51 CVE Modified Date updated
2023-01-17 14:14:57 Received Awaiting Analysis Vulnerability Status updated
2023-01-17 14:15:01 CVSS V3 information new
2023-01-17 14:15:01 CVSS V2 information new
2023-01-20 19:14:56 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-20 19:15:00 CVSS V3 information new
2023-01-20 19:15:00 CVSS V2 information new
2023-01-24 18:12:44 2023-01-24T16:33:12 CVE Modified Date updated
2023-01-24 18:12:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-24 18:12:46 CPE Information updated
2023-01-24 18:12:46 CVSS V3 information new
2023-01-24 18:12:46 CVSS V2 information new