CVE-2021-41647

Sažetak

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

Reference

https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
https://github.com/MobiusBinary/CVE-2021-41647
http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

08-10-2021 - 15:19

Objavljeno

01-10-2021 - 15:15