{"id": "PACKETSTORM:164961", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection", "description": "", "published": "2021-11-15T00:00:00", "modified": "2021-11-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/164961/Talariax-sendQuick-Alertplus-Server-Admin-4.3-SQL-Injection.html", "reporter": "Jerry Toh", "references": [], "cvelist": ["CVE-2021-26795"], "immutableFields": [], "lastseen": "2021-11-15T21:42:45", "viewCount": 154, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-26795"]}, {"type": "zdt", "idList": ["1337DAY-ID-37047"]}], "rev": 4}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-26795"]}, {"type": "zdt", "idList": ["1337DAY-ID-37047"]}]}, "exploitation": null, "vulnersScore": 5.6}, "sourceHref": "https://packetstormsecurity.com/files/download/164961/talariaxsqa43-sql.txt", "sourceData": "`Dear Full Disclosure Team, \n \nWe are writing to submit a full disclosure for the following vulnerability \ndiscovered for product Talariax sendQuick Alertplus server admin version \n4.3. This is an updated reference for \nhttps://seclists.org/fulldisclosure/2021/Oct/1. \n \n------------------------------------------------------------------------ \n*Title:* SQL injection vulnerability in Talariax sendQuick Alertplus server \nadmin version 4.3 \n \n*CVE Reference:* **RESERVED** CVE-2021-26795 \n*Product:* Talariax sendQuick Alertplus server admin \n*Vendor:* TalariaX Pte Ltd \n*Vulnerable version: *Talariax sendQuick Alertplus Server Admin version 4.3 \nPatch no 8HF8 and below. 
\n*Fixed version:* Patch no 8HF11 \n*Impact:* High \n*Vulnerability Type:* SQL Injection (CWE-89) \n*Vendor notification (and approval for disclosure):* 2021-Oct-05 \n*Public Disclosure:* 2021-Oct-06 \n*Discoverer:* Jerry Toh (t.ghimhong@gmail.com), Edmund Ong ( \nedmund.okx@gmail.com) \n \n------------------------------------------------------------------------ \n \n*Vulnerability details:* \n \nSQL injection in the web interface of Talariax sendQuick Alertplus server \nadmin allows an authenticated user to perform error-based SQL injection via \nunsanitized form fields. \n \nThe affected URL is found in the Roster Management function: \n/appliance/shiftmgn.php \n \nThe attached screenshots (see evidence*.jpeg) show that: \n(1) appending a single quotation mark (') to the affected field and \nsubmitting the form produced a SQL syntax error message generated by the \ndatabase, confirming that the field value reaches the query unsanitized; \n(2) the finding was subsequently verified as fixed after input validation \nwas implemented in the fields. \n \n \n------------------------------------------------------------------------ \n \n*Proof of concept:* \n \nThe following input fields were found to be vulnerable to SQL injection: \nNavigate to \"Roster Management\" > Select Edit Roster > Day Selected > Input \nfields \"Roster Time\" (see evidence-2.jpeg). Appending a single quotation \nmark (') to the \"Roster Time\" value and submitting the form returns a SQL \nsyntax error message from the database. A valid login is required, so the \nissue is reachable only by an authenticated user; because the database \nerror text is echoed back to the client, the injection is classed as \nerror-based. \n \n------------------------------------------------------------------------ \n \n*Remediation:* \n \nAlthough Patch no 8HF11 was tested and found to fix this issue, it is \nstill recommended to use the latest product version/patches. Please \napproach the vendor for the latest product patches. 
\n \n------------------------------------------------------------------------ \n \n*Disclosure details:* \n- 2021/10/04 Contacted the vendor by email for permission to disclose \n- 2021/10/05 Vendor responded and approved for public disclosure submission \n- 2021/10/06 Public disclosure on SecLists ( \nhttps://seclists.org/fulldisclosure/2021/Oct/1) \n- 2021/11/11 Added CVE details for public disclosure reference \n \n----------------------------------------------------------------------------------- \n*Additional references:* \nThe email below is the vendor's approval of this disclosure: \n \nDelivered-To: edmund.okx@gmail.com \nReceived: by 2002:a67:c982:0:0:0:0:0 with SMTP id y2csp1780343vsk; \nMon, 4 Oct 2021 21:31:06 -0700 (PDT) \n(envelope-from <jswong@talariax.com>) id 1mXc6V-0004bO-R8; Tue, 05 Oct \n2021 12:30:58 +0800 \nReply-To: jswong@talariax.com \nSubject: Re: Responsible disclosure of vulnerability in Talariax sendQuick \nAlertplus server admin (patched) \nTo: Edmund Ong <edmund.okx@gmail.com> \nCc: t.ghimhong@gmail.com \nReferences: <CAO0qOZwUuMcjpwvdAg1B4vZ-qrWHfwjixaMMTDh2= \n11Nr3N47g@mail.gmail.com> \nFrom: JS Wong <jswong@talariax.com> \nOrganization: TalariaX Pte Ltd \nMessage-ID: <47e14d24-ee1d-5b06-8f2f-20c7fa586957@talariax.com> \nDate: Tue, 5 Oct 2021 12:30:58 +0800 \nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) \nGecko/20100101 Thunderbird/78.14.0 \n \nDear Edmund \n \nHi! Thanks for informing us on the issue found. We are pleased to inform \nthat we had fixed the issue in our patches and as long as customers \nupdate to the latest patches, the issue is resolved. \n \nIf you wish to submit to public domain as CVE, we will not stop you from \ndoing so. 
\n \nThanks for informing us \n \nRegards \n \nJS \n \nOn 4/10/2021 7:24 pm, Edmund Ong wrote: \n> Dear Talariax, \n> \n> We discovered a SQL injection vulnerability on one of your products, \n> Talariax sendQuick Alertplus server admin, during the period of Q4-2020 \n> to Q1-2021. \n> \n> This commercial off-the-shelf product was used by one of our clients \n> and they may or may not have reported this to you. The finding was \n> subsequently addressed and the finding was closed (as shown in the \n> screenshots, the affected patch no is 8HF8, and the fix released was patch \n> no 8HF11). Although we do not have the specific product version that is \n> affected, we have reason to believe that at that point of testing \n> the product Talariax sendQuick Alertplus server admin version was \n> version 4.3 (do correct us if this is wrong). We felt responsible to \n> share this finding with you directly so that you could ensure this \n> vulnerability would be (or had been) addressed in all subsequent \n> releases. \n> \n> *Finding details:* SQL Injection in the web interface of Talariax \n> sendQuick Alertplus server admin allows an authenticated user to \n> perform error-based SQL injection via unsanitized form fields. \n> \n> *Affected URL:* /appliance/shiftmgn.php \n> \n> *Evidence* (see attached screenshots evidence*.jpeg) \n> We attached the following screenshots as evidence that: \n> (1) the vulnerability was discovered, showing that there is an error \n> message which states that there is a SQL syntax error after a single \n> quotation mark was appended upon the form submission, causing an error \n> message which is thrown from the database; \n> (2) the finding was subsequently verified as fixed after input validation \n> was implemented in the fields. \n> \n> We would also like to seek your approval for us to perform responsible \n> disclosure to the public of this information. 
The intention is to help \n> potential victims gain knowledge and raise awareness that the \n> vulnerability exists. Talariax could also provide us with a \n> recommendation, if you so please, so that we could include it in the \n> writeup (e.g. such as to update to the latest patch and versions). \n> Please note that if we don't hear from you within 14 days, we will \n> proceed to do full disclosure through \n> https://nmap.org/mailman/listinfo/fulldisclosure. \n> \n> -- \n> Yours Sincerely, \n> Edmund Ong \n \n-- \nJS Wong (Mr.) \nTalariaX Pte Ltd \n76 Playfair Road #08-01 LHK2 \nSingapore 367996 \nTel: +65 62802881 Fax: +65 62806882 \nMobile: +65 96367680 \nWeb: http://www.talariax.com \n \nCONFIDENTIALITY NOTE: This email and any files transmitted with it are \nintended only for the use of the person(s) \nto whom it is addressed, and may contain information that is privileged, \nconfidential and exempt from disclosure \nunder applicable law. If you are not the intended recipient, please \nimmediately notify the sender and delete \nthe email. If you are not the intended recipient please do not disclose, \ncopy, distribute or take any action in \nreliance on the contents of this e-mail. Thank you. \n \n \n------------------------------------------------------------------------ \n`\n", "_state": {"dependencies": 1646365981}}
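The advisory above reports the symptom (a single quotation mark in the Roster Time field produces a database syntax error) and the class of fix (input validation), but not the handler code. The following is an added example, not code from the sendQuick appliance or from the discoverers: it reproduces the single-quote check against an in-memory SQLite table and puts a handler written the vulnerable way next to a hardened one. The table name `roster`, its columns, the `HH:MM` format and the use of SQLite in place of the appliance's database are all assumptions made for this example; the real /appliance/shiftmgn.php is PHP and its schema is not public, so the leaked error text here differs from the MySQL-style message the screenshots show.

```python
"""Added example (not the appliance's code): the advisory's single-quote
check and the class of fix it reports, against a constructed SQLite roster.

Assumptions: table `roster` (day, roster_time) and the HH:MM format are
invented for the example; SQLite stands in for the appliance's database.
"""
import re
import sqlite3

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]            # constructed fixture
TIME_RE = re.compile(r"^(?:[01]\d|2[0-3]):[0-5]\d$")  # strict HH:MM allow-list

# Substrings that identify a database error echoed back to the client.
DB_ERROR_SIGNS = (
    "unrecognized token",                    # SQLite
    "syntax error",                          # SQLite / PostgreSQL
    "You have an error in your SQL syntax",  # MySQL / MariaDB
)


def new_db() -> sqlite3.Connection:
    """Fresh in-memory roster with every day set to 09:00."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE roster (day TEXT PRIMARY KEY, roster_time TEXT)")
    conn.executemany("INSERT INTO roster VALUES (?, ?)", [(d, "09:00") for d in DAYS])
    conn.commit()
    return conn


def update_vulnerable(conn: sqlite3.Connection, day: str, roster_time: str) -> str:
    """Pre-8HF11 pattern as the advisory describes it: the form value is
    spliced into the statement and the raw database error is returned."""
    sql = f"UPDATE roster SET roster_time = '{roster_time}' WHERE day = '{day}'"
    try:
        conn.execute(sql)
        conn.commit()
        return "OK"
    except sqlite3.Error as exc:  # error-based: database text reaches the user
        return f"Database error: {exc}"


def update_fixed(conn: sqlite3.Connection, day: str, roster_time: str) -> str:
    """Hardened handler: allow-list validation of both inputs, then a bound
    parameter so the value can never alter the statement structure."""
    if day not in DAYS:
        return "rejected: unknown day"
    if not TIME_RE.match(roster_time):
        return "rejected: roster time must be HH:MM"
    conn.execute("UPDATE roster SET roster_time = ? WHERE day = ?", (roster_time, day))
    conn.commit()
    return "OK"


def probe_single_quote(handler, conn: sqlite3.Connection, day: str = "Mon") -> dict:
    """The advisory's check: submit a benign value, then the same value with a
    trailing single quote, and report whether a database error leaked."""
    baseline = handler(conn, day, "10:30")
    injected = handler(conn, day, "10:30'")
    leaked = any(sign in injected for sign in DB_ERROR_SIGNS)
    return {"baseline": baseline, "injected": injected, "error_leaked": leaked}


def tamper_all_days(handler, conn: sqlite3.Connection, day: str = "Mon") -> list:
    """Integrity impact: closing the literal and commenting out the rest of the
    statement turns a one-day edit into an update of every row."""
    handler(conn, day, "00:00' WHERE 1=1 --")
    return [t for (t,) in conn.execute("SELECT roster_time FROM roster ORDER BY day")]


if __name__ == "__main__":
    for name, handler in (("vulnerable", update_vulnerable), ("fixed", update_fixed)):
        print(name, probe_single_quote(handler, new_db()))
        print(name, "after tamper:", tamper_all_days(handler, new_db()))
```

The probe is deliberately the same test the discoverers describe: a benign value, then the same value with a trailing quote, classified by whether a database error string comes back. `tamper_all_days` is included because the CVSS vector recorded for CVE-2021-26795 rates integrity impact high: with string splicing, a payload that closes the literal and comments out the remainder rewrites every row rather than the selected day. Pulling data out through error messages (the extraction half of "error-based") relies on database-specific functions that echo expression results in the error text and is not reproduced here; the hardened handler makes it moot, since allow-list validation plus a bound parameter keeps the input out of the statement entirely.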
{"cve": [{"lastseen": "2022-03-23T15:48:04", "description": "A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-14T21:15:00", "type": "cve", "title": "CVE-2021-26795", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26795"], "modified": "2021-11-17T15:12:00", "cpe": ["cpe:/a:talariax:sendquick_alert_plus_server_admin:4.3"], "id": "CVE-2021-26795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26795", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:talariax:sendquick_alert_plus_server_admin:4.3:-:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2022-06-04T17:31:58", "description": "Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form fields.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-15T00:00:00", "type": "zdt", "title": "Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26795"], "modified": "2021-11-15T00:00:00", "id": "1337DAY-ID-37047", "href": "https://0day.today/exploit/description/37047", "sourceData": "(advisory text identical to the Packet Storm sourceData above, PACKETSTORM:164961; duplicate omitted)", "sourceHref": "https://0day.today/exploit/37047", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}