CVE-2021-44249

Опубликовано: 28 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.

Ссылки

https://doctorzorka.github.io/Exploits/exploit-1.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50429
Exploit
Third Party Advisory
VDB Entry
https://doctorzorka.github.io/Exploits/exploit-1.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50429
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:online_motorcycle_\(bike\)_rental_system_project:online_motorcycle_\(bike\)_rental_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00477

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-q7pf-9h4g-q875

github

около 4 лет назад