CVE-2021-4276

Published: Dic 25, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-34117 Aliases: GSD-2021-4276
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low

Description

AI Translation Available

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don’t believe this specific attack is possible without such a compromise of the Data Manager server.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0007
Percentile
0,2th
Updated

EPSS Score Trend (Last 90 Days)

89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Authentication Access Control
Potential Impacts:
Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, SQL
Technologies: Database Server
Likelihood of Exploit: High
View CWE Details
Application

Hedgehog by Dns-Stats

Product Information
Vendor Dns-Stats
Product Hedgehog
Version Range Affected
To 2021-05-13 (exclusive)
cpe:2.3:a:dns-stats:hedgehog:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/dns-stats/hedgehog/commit/58922c345d3d1f…
Patch Third Party Advisory
https://github.com/dns-stats/hedgehog/commit/58922c345d3d1fe89bb2020111873a3e07…
https://github.com/dns-stats/hedgehog/pull/190
Patch Third Party Advisory
https://github.com/dns-stats/hedgehog/pull/190
https://vuldb.com/?id.216746
Third Party Advisory
https://vuldb.com/?id.216746
https://github.com/dns-stats/hedgehog/commit/58922c345d3d1f…
Patch Third Party Advisory
https://github.com/dns-stats/hedgehog/commit/58922c345d3d1fe89bb2020111873a3e07…
https://github.com/dns-stats/hedgehog/pull/190
Patch Third Party Advisory
https://github.com/dns-stats/hedgehog/pull/190
https://vuldb.com/?id.216746
Third Party Advisory
https://vuldb.com/?id.216746