Skip to content

SQL Injection in useredit.php

Moderate
Aaron-Junker published GHSA-557p-hhpc-4wrx Jan 9, 2022

Package

USOC (USOC)

Affected versions

<Pb1.0Bfx0

Patched versions

Pb2.4Bfx3

Description

Impact

Allowed Sql injection in usersearch.php, which isn't a big issue because you can only access it when you're admin anyway.

Workarounds

Replace the file admin/pages/useredit.php with a newer version.

Severity

Moderate

CVE ID

CVE-2022-21666

Weaknesses

Credits