Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted SQL statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds.
Published 2022-11-11 04:15:13
Updated 2022-11-16 02:35:49
Source GitHub, Inc.
Vulnerability category: SQL Injection

Exploit prediction scoring system (EPSS) score for CVE-2022-41892

EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2022-41892

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
| 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L | 3.9 | 4.7 | GitHub, Inc. | |
