PT-2021-19500 · Unknown · Dce Extension

Published

2021-04-28

Updated

2021-08-27

CVE-2021-31777

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions dce extension versions 2.2.0 through 2.6.x before 2.6.2 dce extension versions 2.7.x before 2.7.1

Description The issue allows SQL Injection via a backend user account. This can be exploited to inject malicious SQL code, potentially leading to unauthorized access or data manipulation.

Recommendations For dce extension versions 2.2.0 through 2.6.x before 2.6.2, update to version 2.6.2 or later. For dce extension versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-31777

GHSA-5V5H-4W2G-GXXC

Affected Products

Dce Extension

PT-2021-19500 · Unknown · Dce Extension

CVE-2021-31777

Weakness Enumeration

Related Identifiers

Affected Products

References · 12