CVE-2021-26837: SQL Injection
First published: Mon Sep 18 2023(Updated: )
SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortra Delivernow | <1.2.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-26837?
CVE-2021-26837 is a SQL Injection vulnerability in the SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18.
How severe is CVE-2021-26837?
CVE-2021-26837 has a severity of 9.8 (critical).
What can an attacker do with CVE-2021-26837?
With CVE-2021-26837, attackers can execute arbitrary code, escalate privileges, and gain sensitive information.
How can I fix the CVE-2021-26837 vulnerability?
To fix the CVE-2021-26837 vulnerability, update to Fortra DeliverNow version 1.2.18 or later.
Where can I find more information about CVE-2021-26837?
More information about CVE-2021-26837 can be found at the following links: [link1](https://community.helpsystems.com/knowledge-base/rjs/delivernow/overview/), [link2](https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in)
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortra
- canonical/fortra delivernow