Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.BILLQUICK_CVE-2021-42258.NBINHistorySep 22, 2023 - 12:00 a.m.
Billquick Websuite < 22.0.9.1 SQLi
2023-09-2200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
Binary data billquick_cve-2021-42258.nbinRelated
prion
prion
Sql injection
2021-10-22 22:15:00
attackerkb
attackerkb
CVE-2021-42258
2021-10-22 00:00:00
cve
cve
CVE-2021-42258
2021-10-22 22:15:00
thn
thn
Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware
2021-10-25 08:19:00
cisa_kev
cisa_kev
BQE BillQuick Web Suite SQL Injection Vulnerability
2021-11-03 00:00:00
checkpoint_advisories
checkpoint_advisories
BillQuick Website SQL injection (CVE-2021-42258)
2021-11-25 00:00:00
nuclei
nuclei
BillQuick Web Suite SQL Injection
2021-10-26 08:26:22
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-11-12 15:36:09
securelist
securelist
Cyberthreats to financial organizations in 2022
2021-11-23 10:00:13
threatpost
threatpost
BillQuick Billing App Rigged to Inflict Ransomware
2021-10-25 20:51:06
BQE Web Suite Billing App Rigged to Inflict Ransomware
2021-10-25 20:51:06
qualysblog
qualysblog
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Related for BILLQUICK_CVE-2021-42258.NBIN