exploitDog

CVE-2021-44966

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

Ссылки

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection-Bypass-Authentication
Exploit
Third Party Advisory
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/PHPGURUKUL/ANUJ%20KUMAR/Employee-Record-Management-System-SQL-Injection-Bypass-Authentication
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:employee_record_management_system:1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-j4qj-cw7h-263q

CVSS3: 9.8

github

около 4 лет назад

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-89