exploitDog

CVE-2021-41651

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

Ссылки

https://github.com/MobiusBinary/CVE-2021-41651/
Exploit
Third Party Advisory
https://github.com/tramyardg/hotel-mgmt-system
Product
Third Party Advisory
https://github.com/MobiusBinary/CVE-2021-41651/
Exploit
Third Party Advisory
https://github.com/tramyardg/hotel-mgmt-system
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hotel_management_system_project:hotel_management_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06322

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-wwjx-qxhj-2pwh

github

больше 3 лет назад

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

EPSS

Процентиль: 91%

0.06322

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89