CVE-2021-37413

CRITICAL

9.8

Beschreibung

GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login script does not verify and sanitize user-provided strings.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/19/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

grandcom:dynweb

Schwachen (CWE)

CWE-89

Referenzen

https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md(cve@mitre.org)

https://www.grandcom.sk(cve@mitre.org)

https://github.com/martinkubecka/CVE-References/blob/main/CVE-2021-37413.md(af854a3a-2127-422b-91ae-364da2661108)

https://www.grandcom.sk(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.