Miggo Logo
Miggo Vulnerability Database
CVE-2022-29305

CVE-2022-29305: SQL injection in helloxz/imgurl

8.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-29305
GHSA ID
GHSA-rrjv-34p5-4c7r
EPSS Score
0.54065%
CWE
CWE-89
Published
5/25/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
helloxz/imgurlcomposer= 2.31

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis is based on the information provided in the GitHub issue (#75) and the description of the vulnerability. The uplimit function is identified as the vulnerable function because it directly incorporates user input into an SQL query. The exact namespace or class name (Query) is inferred based on the context provided.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

im*url v*.** w*s *is*ov*r** to *ont*in * *lin* SQL inj**tion vuln*r**ility vi* /uplo**/lo**l*ost.

Reasoning

T** *n*lysis is **s** on t** in*orm*tion provi*** in t** *it*u* issu* (#**) *n* t** **s*ription o* t** vuln*r**ility. T** `uplimit` *un*tion is i**nti*i** *s t** vuln*r**l* *un*tion ****us* it *ir**tly in*orpor*t*s us*r input into *n SQL qu*ry. T** *
CVE-2022-29305: imgurl Upload Blind SQLi Flaw | Miggo