CVE-2021-47848

Sažetak

Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access.

Reference

https://github.com/satndy/Aplikasi-Biro-Travel
https://www.exploit-db.com/exploits/49759
https://www.vulncheck.com/advisories/blitar-tourism-authentication-bypass-sqli

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

26-01-2026 - 15:04

Objavljeno

21-01-2026 - 18:16