BillQuick.Web.Suite.CVE-2021-42258.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in BillQuick Web Suite.
The vulnerability is due to insufficient input validation when processing requests to the login page. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request. Successful exploitation could result in the execution of arbitrary code on the target system.
Affected Products
BillQuick Web Suite 2018 through 2021 before 22.0.9.1
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://billquick.net/download/Support_Download/BQWS2021Upgrade/WebSuite2021LogFile_9_1.pdf
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |