{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "337ab4c04d270f1605c9ebcf7006b6aa97119755" } ], "repo": "https://github.com/aaron-junker/usoc", "type": "GIT" } ] }, { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "c331d26aaab41a7e9e8c1c1a990132dca9d01e10" }, { "fixed": "337ab4c04d270f1605c9ebcf7006b6aa97119755" } ], "repo": "https://github.com/noraa-junker/usoc", "type": "GIT" } ] } ], "aliases": [ "GHSA-557p-hhpc-4wrx" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21666.json" }, "details": "Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`.", "id": "CVE-2022-21666", "modified": "2026-04-01T23:09:55.518524790Z", "published": "2022-01-10T20:00:12Z", "references": [ { "type": "WEB", "url": "https://github.com/Aaron-Junker/USOC/releases/tag/Pb2.4Bfx3" }, { "type": "ADVISORY", "url": "https://github.com/Aaron-Junker/USOC/security/advisories/GHSA-557p-hhpc-4wrx" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21666.json" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21666" }, { "type": "FIX", "url": "https://github.com/Aaron-Junker/USOC/commit/c331d26aaab41a7e9e8c1c1a990132dca9d01e10" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": " SQL Injection in useredit.php" }