CVE-2022-1064: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

March 26, 2022 (updated April 5, 2022)

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.

References

github.com/advisories/GHSA-rr8m-29g8-8cgc
github.com/forkcms/forkcms/commit/6aca30e10b4181534f73f96d6e2ebeb45ec15069
huntr.dev/bounties/2f664985-c5fc-485b-b4fc-4c401be2cf40
nvd.nist.gov/vuln/detail/CVE-2022-1064

Detect and mitigate CVE-2022-1064 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →