CVE-2021-42667

Опубликовано: 05 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.

Ссылки

https://github.com/TheHackingRabbi/CVE-2021-42667
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
Product
Third Party Advisory
https://github.com/TheHackingRabbi/CVE-2021-42667
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667
Exploit
Third Party Advisory
https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:2.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.72266

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-xhx6-vv38-6mx5

github

больше 3 лет назад