Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-3798
CVE-2022-3798:
vulnerability analysis and mitigation
Overview
A critical SQL injection vulnerability was identified in IBAX go-ibax, specifically affecting the /api/v2/open/tablesInfo API endpoint. The vulnerability was discovered and reported on October 18, 2022 (GitHub Issue).
Technical details
The vulnerability exists in two locations within the go-ibax/packages/api/database.go file. The first instance is on Line 92, where user input is directly interpolated into an SQL query string for table information retrieval. The second instance occurs on Line 120, where similar unsafe string interpolation is performed for column information queries. Both vulnerabilities allow for SQL injection through unvalidated user input parameters (GitHub Issue).
Impact
The SQL injection vulnerability allows attackers to execute arbitrary SQL commands on the underlying database. This was demonstrated through a proof of concept using pg_sleep(3) command, which successfully caused a 3-second delay in the server response, confirming the existence of the vulnerability (GitHub Issue).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management