Description

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.

Related CPE's

a

quicklert

quicklert

10.0.0

-

*

*

*

*

digium_switchvox

Vulnerable

References

https://quicklert.com

Vendor Advisory

https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-10T17:44:11.403

3 years ago

Last modified

2022-03-15T14:16:20.653

3 years ago