CVE-2021-21935

December 28, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.

Summary:

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.

Reference Links(if available):

  • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image

    [KILLSEC] – Ransomware Victim: Giggle Finance

    November 13, 2024
    CISA Logo

    US-CERT Vulnerability Summary for the Week of November 4, 2024

    November 12, 2024
    image

    [RAWORLD] – Ransomware Victim: Orange County Pathology Medical Group

    November 12, 2024
    image

    [RAWORLD] – Ransomware Victim: SK Gas

    November 12, 2024
    CISA Logo

    CISA: Ivanti Releases Security Updates for Multiple Products

    November 12, 2024