Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-3800
CVE-2022-3800:
vulnerability analysis and mitigation
Overview
A critical SQL injection vulnerability was discovered in IBAX go-ibax affecting the /api/v2/open/rowsInfo functionality. The vulnerability was identified and disclosed on October 24, 2022, with CVE-2022-3800 being assigned on November 1, 2022. The vulnerability affects versions of go-ibax starting from commits made on July 18, 2020 (GitHub Issue).
Technical details
The vulnerability exists in the /packages/api/database.go file where the table_name parameter is improperly handled in SQL query construction. The vulnerable code uses fmt.Sprintf to directly interpolate user input into SQL queries without proper sanitization. Two specific instances of vulnerable code were identified in lines 187 and 189 of commit 6bac746, where the tableName parameter is directly inserted into SQL queries (GitHub Issue).
Impact
The SQL injection vulnerability allows attackers to potentially spoof identity, tamper with existing data, achieve complete disclosure of all system data, destroy data or make it unavailable, and potentially gain administrator privileges on the database server (GitHub Issue).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management