CVE-2021-42258

Tags: CRITICAL · KEV · RANSOMWARE · NUCLEI

BQE BillQuick Web Suite 2018-2021 < 22.0.9.1 - Unauthenticated SQL Injection via txtID Parameter

Title source: llm

Exploitation Summary

CVE-2021-42258 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit, by h00die: the Metasploit module auxiliary/gather/billquick_txtid_sqli. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits a SQL injection vulnerability in BillQuick Web Suite prior to version 22.0.9.1. It extracts database information, including the database name, banner, user, hostname, and the SecurityTable (user table).

Description

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

Exploits (1)

Metasploit module (working PoC, Ruby)
by h00die
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/billquick_txtid_sqli.rb

Classification
Working PoC: 100%
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: BillQuick Web Suite < 22.0.9.1
Authentication: none needed
Prerequisites: Network access to the target application · BillQuick Web Suite running on MSSQL
Analysis: devstral-2, Feb 16, 2026

Nuclei Templates (1)

BillQuick Web Suite SQL Injection (CRITICAL) by dwisiswant0

Scores
CVSS v3: 9.8
EPSS: 0.9410
EPSS percentile: 99.9%
Attack vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (source: Vulnrichment)
Exploitation: active
Automatable: yes
Technical impact: total

Details
CISA KEV: 2021-11-03
VulnCheck KEV: 2021-10-22
InTheWild.io: 2021-10-22
ENISA EUVD: EUVD-2021-29234
Ransomware use: Confirmed
CWE: CWE-89
Status: published
Products (1): bqe/billquick_web_suite 19 - 22.0.9.1
Published: Oct 22, 2021
KEV added: Nov 03, 2021
Tracked since: Feb 18, 2026