Home > Vulnerability Database > CVE-2021-4276

Mend.io Vulnerability Database

CVE-2021-4276

Date: December 25, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats hedgehog. It has been rated as problematic. Affected by this issue is the function DSCIOManager::dsc_import_input_from_source of the file src/DSCIOManager.cpp. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 58922c345d3d1fe89bb2020111873a3e07ca93ac. It is recommended to apply a patch to fix this issue. VDB-216746 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: We do assume that the Data Manager server can only be accessed by authorised users. Because of this, we don’t believe this specific attack is possible without such a compromise of the Data Manager server.

Language: C++

Severity Score

8.8

Related Resources (5)

Url: https://github.com/dns-stats/hedgehog/pull/190

Url: https://vuldb.com/?id.216746

Url: https://github.com/dns-stats/hedgehog/commit/58922c345d3d1fe89bb2020111873a3e07ca93ac

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4276

Url: https://www.mend.io/vulnerability-database/CVE-2021-4276

Severity Score

8.8

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4276

Date: December 25, 2022

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?