The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.
References
Link | Resource |
---|---|
https://quicklert.com | Vendor Advisory |
https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-07T20:58:08
Updated: 2022-03-07T20:58:08
Reserved: 2021-11-17T00:00:00
Link: CVE-2021-43969
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-10T17:44:11.403
Modified: 2022-03-15T14:16:20.653
Link: CVE-2021-43969
JSON object: View
Redhat Information
No data.
CWE