exploitDog

CVE-2021-44600

Опубликовано: 23 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.

Ссылки

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/MSMS
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/MSMS
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:simple_online_men\'s_salon_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00295

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-h9pf-hjmx-3mpq

CVSS3: 7.5

github

около 4 лет назад

The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.

EPSS

Процентиль: 52%

0.00295

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89