What the vulnerability does
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.21.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Explanation of Vulnerability in Simple Terms
Bit Form versions up to 2.21.10 contain a SQL injection vulnerability that high-privilege users can reach. An attacker with admin or elevated permissions can craft malicious input to execute arbitrary SQL queries, potentially reading sensitive database records. The impact extends to the entire site, and exploitation may cause service disruption.
What an attacker can do
Read sensitive data from the database and cause service disruption.
Potential impact on your site
Admins or compromised high-privilege accounts can extract database contents or degrade site availability.
Conditions required to exploit
Attacker must have high-level admin or elevated user privileges on the site.