Description

Invicti detected BillQuick Web Suite. This version has several SQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of BillQuick Web Suite

References

Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware

Related Vulnerabilities

Joomla! 1.7/2.5 SQL injection vulnerability

WordPress Plugin YARPP-Yet Another Related Posts SQL Injection (5.30.2)

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)

WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)

WordPress Plugin MoodThingy Mood Rating Widget SQL Injection (0.9.1)

Severity

High

Classification

CVE-2021-42258 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

SQL Injection