
Exploit for IBAX - SQL Injection (CVE-2022-3800)

Description:

IBAX go-ibax is susceptible to SQL injection through the /api/v2/open/rowsInfo API path. Manipulating the table_name argument leads to SQL injection, and the attack can be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here: CVE-2022-3800.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-3800.yaml

References:

https://vuldb.com/?id.212636
https://github.com/ARPSyndicate/cvemon
https://github.com/IBAX-io/go-ibax/issues/2061
https://nvd.nist.gov/vuln/detail/CVE-2022-3800