Vulnerability Details CVE-2021-26795
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/164961/Talariax-sendQuick-Alertplus-Server-Admin-4.3-SQL-Injection.html
- http://seclists.org/fulldisclosure/2021/Nov/37
- http://packetstormsecurity.com/files/164961/Talariax-sendQuick-Alertplus-Server-Admin-4.3-SQL-Injection.html
- http://seclists.org/fulldisclosure/2021/Nov/37
Products affected by CVE-2021-26795
-
cpe:2.3:a:talariax:sendquick_alert_plus_server_admin:*
-
cpe:2.3:a:talariax:sendquick_alert_plus_server_admin:4.3