Known Exploited Vulnerabilities CVE-2021-42258 Mappings

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-42258 | BQE BillQuick Web Suite SQL Injection Vulnerability | secondary_impact | T1486 | Data Encrypted for Impact | Comments: CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server. |
| CVE-2021-42258 | BQE BillQuick Web Suite SQL Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Comments: CVE-2021-42258 is a SQL injection vulnerability in BillQuick Web Suite that allows attackers to execute arbitrary SQL commands on the database server. |