RSS   Vulnerabilities for 'Quicklert'   RSS

2022-03-10
 
CVE-2021-43969

CWE-89
 

 
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.

 
 
CVE-2021-43970

CWE-434
 

 
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).

 


Copyright 2024, cxsecurity.com

 

Back to Top