CVE-2021-43084: SQL Injection
First published: Thu Mar 24 2022(Updated: )
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dreamer Cms Project Dreamer Cms | =4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-43084?
The severity of CVE-2021-43084 is critical with a CVSS score of 9.8.
How does the SQL Injection vulnerability in Dreamer CMS 4.0.0 via the tableName parameter work?
The SQL Injection vulnerability in Dreamer CMS 4.0.0 via the tableName parameter allows an attacker to manipulate SQL queries and potentially gain unauthorized access to the database.
What software versions are affected by CVE-2021-43084?
CVE-2021-43084 affects Dreamer CMS 4.0.0.
Is there a fix available for CVE-2021-43084?
At the time of writing, no fix is available for CVE-2021-43084. It is recommended to follow the vendor's security advisory for updates and patches.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-43084?
The Common Weakness Enumeration (CWE) ID for CVE-2021-43084 is CWE-89, which refers to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dreamer cms project
- canonical/dreamer cms project dreamer cms
- version/dreamer cms project dreamer cms/4.0.0