CVE-2021-41647

{"id": "CVE-2021-41647", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2021-10-01T15:15:07.947", "references": [{"url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MobiusBinary/CVE-2021-41647", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/MobiusBinary/CVE-2021-41647", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL ciega no autenticada basada en errores y en el tiempo en Kaushik Jadhav Online Food Ordering Web App versi\u00f3n 1.0. Un atacante puede explotar el par\u00e1metro vulnerable \"username\" en el archivo login.php y recuperar informaci\u00f3n confidencial de la base de datos, as\u00ed como a\u00f1adir un usuario administrativo"}], "lastModified": "2024-11-21T06:26:34.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_food_ordering_web_app_project:online_food_ordering_web_app:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C26E6C6-D598-4ABE-9707-9A94E9096A98"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}