The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-07T20:58:08
Updated: 2024-08-04T04:10:17.161Z
Reserved: 2021-11-17T00:00:00
Link: CVE-2021-43969
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-10T17:44:11.403
Modified: 2024-11-21T06:30:06.080
Link: CVE-2021-43969
Redhat
No data.