Vulnerability Details CVE-2021-21918
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.4%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.0
References