CVE-2021-30486

HIGH

SysAid 20.3.64 b14 - SQL Injection via AssetManagementChart.jsp or AssetManagementList.jsp

Title source: llm
STIX 2.1

Description

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://eh337.net/2021/04/10/sysaid-ii/

Scores

CVSS v3 8.8
EPSS 0.0102
EPSS Percentile 59.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
sysaid/sysaid 20.3.64 b14
Published Jul 22, 2021
Tracked Since Feb 18, 2026