CVE-2022-21643 CRITICAL

CVE-2022-21643: SQL Injection in USOC

Vendor Aaron-Junker
Product USOC
Weakness CWE-89 · SQLi
Published January 4, 2022
Last update April 23, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.

Key dates

02Disclosure timeline

January 4, 2022 CVE published
April 23, 2025 Record updated