8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-3799

GHSA ID

GHSA-fcgf-j8cf-h2rm

EPSS Score

0.18647%

CWE

CWE-89

Published

11/1/2022

Updated

4/24/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-3799

CVE-2022-3799: IBAX go-ibax vulnerable to SQL injection

A vulnerability classified as critical was found in IBAX go-ibax. Affected by this vulnerability is an unknown functionality of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212635.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-3799

CVE-2022-3799:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-3799

GHSA ID

GHSA-fcgf-j8cf-h2rm

EPSS Score

0.18647%

CWE

CWE-89

Published

11/1/2022

Updated

4/24/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/IBAX-io/go-ibax	go	< 1.4.2	1.4.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub issue #2060 explicitly shows vulnerable SQL query construction in database.go lines 92 and 120 using fmt.Sprintf with user-controlled parameters (order and table_name).
The commit fix removed these endpoints entirely, indicating they were the attack surface.
The POCs demonstrate time-based injection via pg_sleep in these exact parameters.
Both functions handle API endpoints (/open/tablesInfo and /open/columnsInfo) mentioned in vulnerability descriptions.
SQL string concatenation patterns match classic injection vulnerabilities (CWE-89).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-3799: IBAX go-ibax vulnerable to SQL injection

CVE-2022-3799:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8.8

8.8

Technical Details

Basic Information

Basic Information

CVE-2022-3799: IBAX go-ibax vulnerable to SQL injection

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI