QwikSec

Security Database

CVE

CWE

Training

CVE-2021-38145

Published: Aug 31, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.formtools.org/

x_refsource_MISC

https://github.com/formtools/core/

x_refsource_MISC

https://bernardofsr.github.io/blog/2021/form-tools/

x_refsource_MISC

https://github.com/bernardofsr/CVEs-With-PoC/blob/main/PoCs/Form%20Tools/README.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.