Description

Acunetix detected BillQuick Web Suite. This version has several SQL injection vulnerabilities. Successful attacks of these vulnerabilities can result in takeover of the server.

Remediation

Upgrade to the latest version of BillQuick Web Suite

References

Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware

Related Vulnerabilities

WordPress Plugin SH Slideshow 'ajax.php' SQL Injection (3.1.4)

WordPress Plugin WordPress Landing Pages SQL Injection (1.2.1)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login SQL Injection (5.0.2.1)

WordPress Plugin Pay With Tweet SQL Injection and Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin LearnPress-WordPress LMS SQL Injection (3.2.6.7)

Severity

High

Classification

CVE-2021-42258 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

SQL Injection