CVE-2022-0495

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.

CVSS v3 9.4 CRITICAL

9.4^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-22-0635	Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-22-0635	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:parantezteknoloji:koha_library_automation:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-21 09:15

Updated : 2024-11-21 06:38

NVD link : CVE-2022-0495

Mitre link : CVE-2022-0495

CVE.ORG link : CVE-2022-0495

JSON object : View

Products Affected

parantezteknoloji

koha_library_automation

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2022-0495", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-09-21T09:15:09.187", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-22-0635", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-22-0635", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01."}, {"lang": "es", "value": "El producto del sistema de automatizaci\u00f3n de bibliotecas KOHA desarrollado por Parantez Teknoloji versiones anteriores a 19.05.03, presenta una vulnerabilidad de inyecci\u00f3n SQL no autenticada. Esto ha sido corregido en versi\u00f3n 19.05.03.01"}], "lastModified": "2024-11-21T06:38:46.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:parantezteknoloji:koha_library_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0536BE0-8CF1-47AB-B054-4F0F488AE5A4", "versionEndExcluding": "19.05.03.01"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}