SQL Injection Vulnerability in Fortra DeliverNow (Formerly HelpSystems) Allows Arbitrary Code Execution and Privilege Escalation

SQL Injection Vulnerability in Fortra DeliverNow (Formerly HelpSystems) Allows Arbitrary Code Execution and Privilege Escalation

CVE-2021-26837 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.

Learn more about our Web Application Penetration Testing UK.