CVE-2022-39303 HIGH

CVE-2022-39303: Ree6 vulnerable to SQL Injection

Vendor Ree6-Applications
Product Ree6
Weakness CWE-89 · SQLi
Published October 13, 2022
Last update April 23, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Javas PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds.

Key dates

02Disclosure timeline

October 13, 2022 CVE published
April 23, 2025 Record updated