BillQuick Web Suite SQL Injection CVE-2021-42258

Severity
CVSSv3 Score: 9.8
Vulnerability description

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

Risk description

No risk description to display.

Recommendation

Apply the latest security patches and updates provided by the vendor to fix the SQL Injection vulnerability in the BillQuick Web Suite.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Oct 22, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available