cvedb.io
CVE-2021-41765
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-11-15T16:15:10.230 · Last modified 2026-06-17T04:08:52.997

Summary

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.

Affected products

montala — resourcespace

Does this affect you?

Add your gear to cvedb and we'll alert you only when montala ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.