High severity7.2NVD Advisory· Published Dec 8, 2021· Updated Jun 17, 2026
CVE-2021-40860
CVE-2021-40860
Description
A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Genesys/intelligent Workload Distributiondescription
- Range: <9.0.013.11
Patches
Vulnerability mechanics
References
2- www.offensity.com/en/blog/authenticated-sql-injection-in-the-genesys-iwd-manager-cve-2021-40860-and-cve-2021-40861/nvdExploitPatchThird Party Advisory
- docs.genesys.com/Documentation/IWDnvdProductRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.