PT-2021-18650 · Unknown · Zerof Web Server

Anna Sidorova · Published 2021-04-13 · Updated 2021-04-14 · CVE-2021-30175

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ZEROF Web Server version 1.0 (April 2021)

Description: The issue allows SQL injection via the "HandleEvent" endpoint for the login page.

Recommendations: For ZEROF Web Server version 1.0 (April 2021), update the software to prevent SQL injection attacks, specifically focusing on securing the /HandleEvent endpoint for the login page.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-30175

Affected Products

Zerof Web Server