CVE-2021-26795

Sažetak

A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.

Reference

http://seclists.org/fulldisclosure/2021/Nov/37
http://packetstormsecurity.com/files/164961/Talariax-sendQuick-Alertplus-Server-Admin-4.3-SQL-Injection.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-11-2021 - 15:12

Objavljeno

14-11-2021 - 21:15