CVE-2021-37808

Sažetak

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.

Reference

https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-Injection.html
https://www.nu11secur1ty.com/2021/12/cve-2021-37808.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-11-2023 - 18:20

Objavljeno

27-10-2021 - 17:15