CVE-2022-0153

HIGH7.5EPSS 0.27%

SQL Injection in Fork CMS

Published: 3/25/2022Modified: 11/8/2023

Description

Fork CMS contains a SQL injection vulnerability in versions prior to version 5.11.1. When deleting submissions which belong to a formular (made with module `FormBuilder`), the parameter `id[]` is vulnerable to SQL injection.

Affected packages (1)

Packagist/forkcms/forkcmsfrom 0, < 5.11.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0153
PATCHhttps://github.com/forkcms/forkcms
WEBhttps://github.com/forkcms/forkcms/commit/7a12046a67ae5d8cf04face3ee75e55f03a1a608
WEBhttps://huntr.dev/bounties/841503dd-311c-470a-a8ec-d4579b3274eb