CVE-2022-1064 CRITICAL

CVE-2022-1064: SQL injection through marking blog comments on bulk as spam in forkcms/forkcms

Vendor Forkcms
Product forkcms/forkcms
Weakness CWE-89 · SQLi
Published March 25, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.

Key dates

02Disclosure timeline

March 25, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection CVE-2023-26020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio CVE-2026-13525 CodeAstro Human Resource Management System Update_Earn_Leave Endpoint Employee_model.php emselectByCode sql injection CVE-2024-2831 Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode CVE-2024-29875 SQL injection vulnerability in Sentrifugo