CVE-2022-1531

Name
CVE-2022-1531
Description
SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/rtxteam/rtx/commit/fa2797e656e3dba18f990a2db1f0f029d41f1921
CONFIRM https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:rtx_project:rtx:*:*:*:*:*:*:*:* rtx >= None < checkpoint_2022-04-20
cpe:2.3:a:rtx_project:rtx:*:*:*:*:*:*:*:* rtx >= None < 2022-04-20

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rtx 3.18-community 1.29.3-r0 Jeff Dickey <alpine@rtx.pub> possibly vulnerable