CVE-2021-43650

CRITICAL

WebRun 3.6.0.42 - SQL Injection

Title source: llm

Description

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.

Exploits (2)

exploitdb WORKING POC
by Vinicius Alves · textwebappsmultiple
https://www.exploit-db.com/exploits/50542
nomisec WORKING POC
by OpenXP-Research · poc
https://github.com/OpenXP-Research/CVE-2021-43650

References (1)

Scores

CVSS v3 9.8
EPSS 0.0103
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
softwell/webrun 3.6.0.42
Published Mar 22, 2022
Tracked Since Feb 18, 2026