vulnerability
Foxit Reader: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2021-38574)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 11, 2021 | Aug 16, 2021 | Apr 7, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 11, 2021
Added
Aug 16, 2021
Modified
Apr 7, 2026
Description
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
Solution
foxit-reader-upgrade-10_1_4
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.