CVE-2021-38145

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-38145

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38145.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38145

Published

2021-08-31T05:15:06.697Z

Modified

2025-11-14T12:07:45.164393Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the exportgroupid field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/exportmanager/export.php?exportgroupid=1&exportgroup1results=all&exporttypeid=1.

References

Affected packages

Git / github.com/formtools/core

Affected ranges

Type: GIT
Repo: https://github.com/formtools/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

051a533bdbfed367e9c6cac19a834d79b490377e

Affected versions

2.*

2.0.0

2.0.0-beta-20081219

2.0.0-beta-20081223

2.0.0-beta-20081230

2.0.0-beta-20090101

2.0.0-beta-20090104

2.0.0-beta-20090105

2.0.0-beta-20090106

2.0.0-beta-20090107

2.0.0-beta-20090108

2.0.0-beta-20090111

2.0.0-beta-20090112

2.0.0-beta-20090113

2.0.0-beta-20090114

2.0.0-beta-20090117

2.0.0-beta-20090120

2.0.0-beta-20090131

2.0.0-beta-20090211

2.0.0-beta-20090217

2.0.0-beta-20090223

2.0.0-beta-20090301

2.0.0-beta-20090302

2.0.0-beta-20090305

2.0.0-beta-20090308

2.0.0-beta-20090309

2.0.0-beta-20090312

2.0.0-beta-20090317

2.0.0-beta-20090318

2.0.0-beta-20090319

2.0.0-beta-20090320

2.0.0-beta-20090321

2.0.0-beta-20090327

2.0.0-beta-20090402

2.0.0-beta-20090404

2.0.0-beta-20090407

2.0.0-beta-20090409

2.0.0-beta-20090414

2.0.0-beta-20090427

2.0.0-beta-20090428

2.0.0-beta-20090509

2.0.0-beta-20090510

2.0.0-beta-20090511

2.0.0-beta-20090518

2.0.0-beta-20090524

2.0.0-beta-20090614

2.0.0-beta-20090627

2.0.0-beta-20090712

2.0.0-beta-20090808

2.0.0-beta-20090809

2.0.0-beta-20090815

2.0.0-beta-20090823

2.0.0-beta-20090826

2.0.0-beta-20090908

2.0.0-beta-20090926

2.0.0-beta-20091003

2.0.0-beta-20091012

2.0.0-beta-20091021

2.0.0-beta-20091030

2.0.0-beta-20091101

2.0.0-beta-20091113

2.0.0-beta-20091116

2.0.0-beta-20091122

2.0.0-beta-20091210

2.0.0-beta-20091212

2.0.0-beta-20091213

2.0.0-beta-20091216

2.0.0-beta-20091224

2.0.0-beta-20100101

2.0.0-beta-20100118

2.0.1

2.0.1-beta-20100410

2.0.1-beta-20100425

2.0.1-beta-20100428

2.0.1-beta-20100516

2.0.2

2.0.3

2.0.3-beta-20100731

2.0.3-beta-20100807

2.0.3-beta-20100908

2.0.3-beta-20100911

2.0.3-beta-20100914

2.0.3-beta-20100915

2.0.3-beta-20100919

2.0.4

2.0.5

2.0.6

2.1.0

2.1.0-alpha-20110426

2.1.0-alpha-20110519

2.1.0-alpha-20110521

2.1.0-alpha-20110522

2.1.0-alpha-20110526

2.1.0-alpha-20110527

2.1.0-alpha-20110528

2.1.0-alpha-20110530

2.1.0-alpha-20110603

2.1.0-alpha-20110607

2.1.0-alpha-20110609

2.1.0-alpha-20110614

2.1.0-beta-20110616

2.1.0-beta-20110618

2.1.0-beta-20110620

2.1.0-beta-20110622

2.1.0-beta-20110623

2.1.0-beta-20110626

2.1.0-beta-20110630

2.1.0-beta-20110702

2.1.0-beta-20110710

2.1.0-beta-20110713

2.1.0-beta-20110714

2.1.0-beta-20110716

2.1.0-beta-20110720

2.1.0-beta-20110729

2.1.0-beta-20110730

2.1.0-beta-20110731

2.1.0-beta-20110802

2.1.0-beta-20110807

2.1.0-beta-20110809

2.1.0-beta-20110811

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

3.*

3.0.0

3.0.0-alpha-20170916

3.0.0-alpha-20170917

3.0.0-alpha-20170922

3.0.0-alpha-20170924

3.0.0-alpha-20170927

3.0.0-alpha-20170930

3.0.0-alpha-20171005

3.0.0-alpha-20171007

3.0.0-alpha-20171014

3.0.0-alpha-20171017

3.0.0-alpha-20171019

3.0.0-alpha-20171023

3.0.0-alpha-20171029

3.0.0-alpha-20171107

3.0.0-alpha-20171108

3.0.0-alpha-20171111

3.0.0-alpha-20171122

3.0.0-alpha-20171123

3.0.0-alpha-20171127

3.0.0-alpha-20171128

3.0.0-alpha-20171214

3.0.0-alpha-20171215

3.0.0-alpha-20171218

3.0.0-alpha-20171220

3.0.0-alpha-20171225

3.0.0-alpha-20171230

3.0.0-alpha-20180103

3.0.0-alpha-20180114

3.0.0-alpha-20180127

3.0.0-alpha-20180201

3.0.0-beta-20180206

3.0.0-beta-20180224

3.0.0-beta-20180312

3.0.0-beta-20180315

3.0.0-beta-20180318

3.0.0-beta-20180320

3.0.0-beta-20180410

3.0.1

3.0.10

3.0.11

3.0.13

3.0.2

3.0.20

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38145.json"