Skip to the content.

DIVD-2021-00033 - Sites with Potential SQL-Injection

Our reference DIVD-2021-00033
Case lead Victor Pasman
Author Célistine Oosting
Researcher(s)
CVE(s)
  • n/a
Product n/a
Recommendation
Patch status n/a
Status Closed
Last modified 12 Aug 2022 09:21

Summary

We obtained a list of sites potentially vulnerable to SQL-Injection attacks in November of 2021. We started scanning the domains in the list we obtained for SQL-Injection vulnerabilities. The owners of the confirmed vulnerable sites will be notified by us via email.

What we are doing

We started scanning the potentially vulnerable sites to see if they really were vulnerable to SQL-Injection attacks and will notify the owners of the sites confirmed vulnerable to this type of attacks.

Timeline

Date Description
16 Nov 2021 We obtained a list with domains potentially vulnerable to SQL-Injection
17 Nov 2021 We scanned the potentially vulnerable sites for the first time
18 Nov 2021 The results of the first scan were shared with the case researchers
12 Jan 2022 We obtained new results and shared them with the case researchers
27 Jan 2022 First version of the casefile published
27 Jan 2022-
30 Jan 2022
We started mailing the owners of the vulnerable sites
30 Jan 2022 All notifications have been sent to affected parties
09 Feb 2022 With all vulnerable parties notified, this case is closed for DIVD.
gantt title DIVD-2021-00033 - Sites with Potential SQL-Injection dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2021-00033 - Sites with Potential SQL-Injection (85 days) :2021-11-16, 2022-02-09 section Events We obtained a list with domains potentially vulnerable to SQL-Injection : milestone, 2021-11-16, 0d We scanned the potentially vulnerable sites for the first time : milestone, 2021-11-17, 0d The results of the first scan were shared with the case researchers : milestone, 2021-11-18, 0d We obtained new results and shared them with the case researchers : milestone, 2022-01-12, 0d First version of the casefile published : milestone, 2022-01-27, 0d We started mailing the owners of the vulnerable sites (3 days) : 2022-01-27, 2022-01-30 All notifications have been sent to affected parties : milestone, 2022-01-30, 0d With all vulnerable parties notified, this case is closed for DIVD. : milestone, 2022-02-09, 0d