{"id":"CVE-2022-48328","details":"app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.","modified":"2026-04-10T04:53:04.044249Z","published":"2023-02-20T04:15:11.147Z","references":[{"type":"ADVISORY","url":"https://github.com/MISP/MISP/compare/v2.4.166...v2.4.167"},{"type":"ADVISORY","url":"https://zigrin.com/advisories/misp-sql-injection-in-crud-component/"},{"type":"FIX","url":"https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc"},{"type":"FIX","url":"https://github.com/MISP/MISP/commit/206f540f0275af2dd2a86275abc199df41e72a21"},{"type":"EVIDENCE","url":"https://zigrin.com/cakephp-application-cybersecurity-research-hiding-in-plain-sight-the-hidden-danger-of-sql-injection-in-input-field-names/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/misp/misp","events":[{"introduced":"0"},{"fixed":"b8463ebbbf47b49d9bd1da145725d68852c308b9"},{"fixed":"1edbc2569989f844799261a5f90edfa433d7dbcc"},{"fixed":"206f540f0275af2dd2a86275abc199df41e72a21"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.167"}]}}],"versions":["codename/tellurium","rm","v0.2","v2.3.0","v2.4.0","v2.4.1","v2.4.10","v2.4.100","v2.4.101","v2.4.102","v2.4.106","v2.4.107","v2.4.109","v2.4.11","v2.4.110","v2.4.111","v2.4.118","v2.4.120","v2.4.121","v2.4.122","v2.4.123","v2.4.125","v2.4.127","v2.4.128","v2.4.13","v2.4.130","v2.4.133","v2.4.134","v2.4.136","v2.4.137","v2.4.14","v2.4.15","v2.4.152","v2.4.153","v2.4.156","v2.4.157","v2.4.158","v2.4.16","v2.4.160","v2.4.161","v2.4.162","v2.4.163","v2.4.164","v2.4.165","v2.4.166","v2.4.17","v2.4.18","v2.4.2","v2.4.20","v2.4.21","v2.4.22","v2.4.23","v2.4.24","v2.4.25","v2.4.26","v2.4.27","v2.4.3","v2.4.34","v2.4.35","v2.4.36","v2.4.37","v2.4.38","v2.4.39","v2.4.4","v2.4.43","v2.4.45","v2.4.46","v2.4.47","v2.4.48","v2.4.5","v2.4.50","v2.4.51","v2.4.52","v2.4.53","v2.4.54","v2.4.56","v2.4.57","v2.4.58","v2.4.59","v2.4.60","v2.4.61","v2.4.62","v2.4.63","v2.4.64","v2.4.65","v2.4.7","v2.4.78","v2.4.80","v2.4.82","v2.4.83","v2.4.85","v2.4.86","v2.4.87","v2.4.88","v2.4.89","v2.4.9","v2.4.91","v2.4.93","v2.4.94","v2.4.95","v2.4.96","v2.4.98"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48328.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}