Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-42258
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
BEQ BillQuick Web Suite SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
BEQ BillQuick Web Suite是美国BEQ公司的一个时间和计费系统。 BQE BillQuick Web Suite 存在SQL注入漏洞,该漏洞源于 BQE BillQuick Web Suite 2018 到 2021 允许 SQL 注入用于未经身份验证的远程代码执行,如 2021 年 10 月在野外被利用以安装勒索软件。 例如,SQL 注入可以使用 txtID(又名用户名)参数。 成功的利用可能包括通过 xp_cmdshell 以 MSSQLSERVER$ 形式执行任意代码的能力。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2021-42258
#POC DescriptionSource LinkShenlong Link
1BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-42258.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-42258
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2021-42258

No comments yet

Leave a comment