CVE-2021-40578

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

Ссылки

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System
Exploit
Third Party Advisory
https://medium.com/%40J03KR/cve-2021-40578-127ceaf3f1bb
https://www.nu11secur1ty.com/2021/12/online-enrollment-management-system-sql.html
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System
Exploit
Third Party Advisory
https://medium.com/%40J03KR/cve-2021-40578-127ceaf3f1bb
https://www.nu11secur1ty.com/2021/12/online-enrollment-management-system-sql.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_enrollment_management_system_project:online_enrollment_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00524

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-7xc3-h85x-39mf

github

около 4 лет назад