Rekter0O

#14539 of 53,630
18.6 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1

PT-2021-21978 · 9.8 · 2021-08-07
Roxy-Wi · Roxy-Wi · CVE-2021-38167

Name of the Vulnerable Software and Affected Versions: Roxy-WI versions 5.2.2.0 and earlier

Description: The issue allows SQL Injection via the `check login` function, enabling an unauthenticated attacker to extract a valid `uuid` and bypass authentication.

Recommendations: For Roxy-WI versions 5.2.2.0 and earlier, as a temporary workaround, consider disabling the `check login` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-21979 · 8.8 · 2021-08-07
Roxy-Wi · Roxy-Wi · CVE-2021-38168

Name of the Vulnerable Software and Affected Versions: Roxy-WI versions 5.2.2.0 and earlier

Description: The issue allows authenticated SQL injection via the `select servers` endpoint. This could potentially be exploited by authenticated attackers to inject malicious SQL code.

Recommendations: For Roxy-WI versions 5.2.2.0 and earlier, as a temporary workaround, consider restricting access to the `select servers` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.