CVE-2021-41492

Опубликовано: 03 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.

Ссылки

https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html
Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492
Exploit
Third Party Advisory
https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html
Exploit
Third Party Advisory
https://3xpl017.blogspot.com/2021/09/multiple-sql-injections-in.html
Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41492
Exploit
Third Party Advisory
https://www.nu11secur1ty.com/2021/12/cve-2021-41492.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simple_cashiering_system_project:simple_cashiering_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00375

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-3hjp-xhcw-gh99

github

больше 3 лет назад