Lucene search

[email protected]CVE-2021-41408

HistoryJun 17, 2022 - 1:15 p.m.

CVE-2021-41408

2022-06-1713:15:12

CWE-89

[email protected]

web.nvd.nist.gov

voipmonitor

web gui

v24.61

sql injection

api.php

user parameter

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the “api.php” file and “user” parameter.

Affected configurations

NVD

Node

voipmonitorvoipmonitorMatch24.61

CPENameOperatorVersion
voipmonitor:voipmonitorvoipmonitoreq24.61

CPE	Name	Operator	Version
voipmonitor:voipmonitor	voipmonitor	eq	24.61

References

gist.github.com/divinepwner/e51050e0d7df77ff1f1379583e8cf7db

www.voipmonitor.org/changelog-gui?major=5

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2021-41408

prion1 cnvd1 cvelist1 nvd1