CVE-2021-26837

CRITICAL

Fortra DeliverNow < 1.2.18 - SQL Injection via SearchTextBox Parameter

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.

Scores

CVSS v3 9.8
EPSS 0.0085
EPSS Percentile 54.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
fortra/delivernow < 1.2.18
Published Sep 19, 2023
Tracked Since Feb 18, 2026