Q-Free MaxTime SQL Injection Vulnerability in User Group Management Endpoint

Vulnerability

A SQL injection vulnerability has been identified in Q-Free MaxTime versions through 2.11.0. This issue, located in the user group management endpoint of the application, allows authenticated remote attackers to execute arbitrary SQL commands by sending crafted HTTP requests.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of SQL commands, allowing attackers to exfiltrate, modify, or delete database information.

Remediation

No official patch is available. It is recommended to restrict and monitor network access to the management web application on devices running Q-Free MaxTime through version 2.11.0.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.