CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40861
https://notcve.org/view.php?id=CVE-2021-40861
08 Dec 2021 — A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. Una inyección SQL en el componente de consulta de filtro personalizado en Genesys intelligent Workload Distribution (IWD) versión 9.0.017.07, permite a un atacante ejecutar cons... • https://docs.genesys.com/Documentation/IWD • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40860
https://notcve.org/view.php?id=CVE-2021-40860
08 Dec 2021 — A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine. Una inyección SQL en el componente de consulta de filtro personalizado en Genesys intelligent Workload Distribution (IWD) versiones anteriores a 9.0.013.11, permi... • https://docs.genesys.com/Documentation/IWD • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •