BillQuick Web Suite SQL Injection Vulnerability CVE-2021-42258 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

BillQuick Web Suite SQL Injection Vulnerability CVE-2021-42258 Scanner Detail

BillQuick Web Suite allows SQL Injection vulnerability.

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

Some Advice for Common Problems

  • You need to apply related fixes.
  • Sanitize all parameters received as input from the user.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service