SQL Injection Vulnerability in Foxit Reader and PhantomPDF Software
CVE-2021-38574

9.8CRITICAL

Key Information:

Vendor: Foxit
Status: Foxit Reader; PhantomPDF
Vendor: CVE Published:; 11 August 2021

What is CVE-2021-38574?

An SQL Injection vulnerability was identified in Foxit Reader and PhantomPDF versions prior to 10.1.4. This flaw allows attackers to manipulate SQL queries via specially crafted data appended to string inputs, potentially compromising the integrity of the database and exposing sensitive information. Users are advised to update their software to the latest version to mitigate this security risk.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 11, 2021
Vulnerability Reserved
Aug 11, 2021