CVE-2021-38167

2021-08-0718:15:07

Google

osv.dev

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.

CPENameOperatorVersion
roxy-wieq3.4.4.6
roxy-wieq1.3
roxy-wieq1.9.1
roxy-wieq3.2.13
roxy-wieq1.10.2.1
roxy-wieq3.4.5.1
roxy-wieq1.10
roxy-wieq1.0
roxy-wieq1.1
roxy-wieq4.4.1.0

Name	Operator	Version
roxy-wi	eq	3.4.4.6
roxy-wi	eq	1.3
roxy-wi	eq	1.9.1
roxy-wi	eq	3.2.13
roxy-wi	eq	1.10.2.1
roxy-wi	eq	3.4.5.1
roxy-wi	eq	1.10
roxy-wi	eq	1.0
roxy-wi	eq	1.1
roxy-wi	eq	4.4.1.0

Rows per page:

1-10 of 241

References

github.com/hap-wi/roxy-wi/issues/285