CVE-2021-32953 CRITICAL

CVE-2021-32953: MDT AutoSave SQL Injection

Vendor Mdt Software
Product MDT AutoSave
Weakness CWE-89 · SQLi
Published April 1, 2022
Last update April 16, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.

Key dates

02Disclosure timeline

April 1, 2022 CVE published
April 16, 2025 Record updated