{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T12:47:37.058","vulnerabilities":[{"cve":{"id":"CVE-2022-41892","sourceIdentifier":"security-advisories@github.com","published":"2022-11-11T04:15:12.567","lastModified":"2026-06-17T05:04:00.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Arches is a web platform for creating, managing, & visualizing geospatial data. Versions prior to 6.1.2, 6.2.1, and 7.1.2 are vulnerable to SQL Injection. With a carefully crafted web request, it's possible to execute certain unwanted sql statements against the database. This issue is fixed in version 7.12, 6.2.1, and 6.1.2. Users are recommended to upgrade as soon as possible. There are no workarounds."},{"lang":"es","value":"Arches es una plataforma web para crear, gestionar y administrar visualización de datos geoespaciales. Las versiones anteriores a 6.1.2, 6.2.1 y 7.1.2 son vulnerables a la inyección SQL. Con una solicitud web cuidadosamente manipulada, es posible ejecutar ciertas declaraciones SQL no deseadas en la base de datos. Este problema se solucionó en las versiones 7.12, 6.2.1 y 6.1.2. Se recomienda a los usuarios que actualicen lo antes posible. No hay workarounds."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"archesproject","product":"arches","versions":[{"version":"<= 6.1.2","status":"affected"},{"version":">= 6.2.0, < 6.2.1","status":"affected"},{"version":">= 7.0.0, < 7.1.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-23T15:48:53.894481Z","id":"CVE-2022-41892","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:archesproject:arches:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1.1","matchCriteriaId":"21BB1B47-4586-4F5F-A4C3-A7ADCFA79DC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:archesproject:arches:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"E7A5A39D-379C-47BA-81B9-1AEC7808EE5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:archesproject:arches:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5B614BF2-A773-4E7C-8514-70860A6D7C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:archesproject:arches:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"33E271C0-E2F0-484A-80B2-D2101FF67ECE"},{"vulnerable":true,"criteria":"cpe:2.3:a:archesproject:arches:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"9F04CFEA-BC99-4DFC-9DBE-3947DAECD27C"}]}]}],"references":[{"url":"https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/archesproject/arches/security/advisories/GHSA-gmpq-xrxj-xh8m","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}