Description

Acunetix detected BillQuick Web Suite. This version has several SQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of BillQuick Web Suite

References

Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware

Related Vulnerabilities

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

WordPress Plugin Link Library 'searchll' Parameter SQL Injection (5.2.1)

WordPress 'paged' Parameter SQL Injection Vulnerability (2.0.2 - 2.0.5)

WordPress Plugin Tune Library SQL Injection (1.5.4)

WordPress Plugin Image Gallery-Responsive Photo Gallery SQL Injection (1.8.9)

Severity

High

Classification

CVE-2021-42258 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

SQL Injection