SQL Injection Vulnerability in Fortra DeliverNow Software
CVE-2021-26837

9.8CRITICAL

Key Information:

Vendor: Fortra
Status: Delivernow
Vendor: CVE Published:; 19 September 2023

Summary

An SQL Injection vulnerability exists in the SearchTextBox parameter of Fortra's DeliverNow software versions prior to 1.2.18. This flaw allows attackers to manipulate SQL queries, potentially enabling them to execute arbitrary code, escalate user privileges, and access sensitive information stored within the application. Organizations utilizing this software are advised to upgrade to mitigate the risk associated with this vulnerability.

References

https://community.helpsystems.com/knowledge-base/rjs/deli...

https://susos.co/blog/f/cve-disclosure-sedric-louissaints...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2023
Vulnerability Reserved
Feb 5, 2021