Filtered by vendor Quicklert Subscriptions
Filtered by product Quicklert Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-43970 1 Quicklert 1 Quicklert 2024-11-21 8.8 High
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).
CVE-2021-43969 1 Quicklert 1 Quicklert 2024-11-21 6.5 Medium
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.