CVE-2021-43650

CRITICAL

WebRun 3.6.0.42 - SQL Injection via P_0 Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-43650. PoCs published by Vinicius Alves, OpenXP-Research.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Webrun 3.6.0.42 via the P_0 parameter during login. The payload manipulates the input to trigger an error message containing a specific string ('qvvxq1qbzbq'), confirming successful exploitation.

Description

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.

Exploits (2)

exploitdb WORKING POC
by Vinicius Alves · textwebappsmultiple
https://www.exploit-db.com/exploits/50542

This exploit demonstrates a SQL injection vulnerability in Webrun 3.6.0.42 via the P_0 parameter during login. The payload manipulates the input to trigger an error message containing a specific string ('qvvxq1qbzbq'), confirming successful exploitation.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Webrun 3.6.0.42
No auth needed
Prerequisites: Access to the login page of Webrun 3.6.0.42
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by OpenXP-Research · poc
https://github.com/OpenXP-Research/CVE-2021-43650

This repository contains a proof-of-concept for CVE-2021-43650, demonstrating a SQL Injection vulnerability in Webrun <= 3.6.0.42. The exploit targets the login process by injecting a payload into the POST parameter P_1, resulting in a PostgreSQL error that confirms the vulnerability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Webrun <= 3.6.0.42
No auth needed
Prerequisites: Access to the Webrun login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50542

Scores

CVSS v3 9.8
EPSS 0.0616
EPSS Percentile 92.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
softwell/webrun 3.6.0.42
Published Mar 22, 2022
Tracked Since Feb 18, 2026