exploitDog

CVE-2021-37413

Опубликовано: 19 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.

Ссылки

https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md
Exploit
Third Party Advisory
https://www.grandcom.sk
Product
https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md
Exploit
Third Party Advisory
https://www.grandcom.sk
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:grandcom:dynweb:*:*:*:*:*:*:*:*

Версия до 4.2 (исключая)

EPSS

Процентиль: 82%

0.01705

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-8h29-88h5-g2w2

CVSS3: 9.8

github

больше 3 лет назад

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.

EPSS

Процентиль: 82%

0.01705

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89