CVE-2021-43969

MEDIUM

Quicklert for Digium 10.0.0 - SQL Injection

Title source: llm
STIX 2.1

Description

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://quicklert.com

Scores

CVSS v3 6.5
EPSS 0.0148
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
quicklert/quicklert 10.0.0
Published Mar 10, 2022
Tracked Since Feb 18, 2026