CVE-2022-1531

moderate-risk
Published 2022-04-29

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.

Do I need to act?

~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 75f70762004ae870bb75ff6eb2d1700aa15c7e79
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Rtx

Affected Vendors

Rtx Project

References (4)

Patch https://github.com/rtxteam/rtx/commit/fa2797e656e3dba18f990a2db1f0f029d41f1921
Exploit https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe
Patch https://github.com/rtxteam/rtx/commit/fa2797e656e3dba18f990a2db1f0f029d41f1921
Exploit https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal