exploitDog

CVE-2021-45802

Опубликовано: 25 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.

Ссылки

https://blog.pocas.kr/posts/sqli-iResturant/
Broken Link
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#file-cve-2021-45802-md
Exploit
Third Party Advisory
https://blog.pocas.kr/posts/sqli-iResturant/
Broken Link
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#file-cve-2021-45802-md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:iresturant_project:iresturant:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00264

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-43m3-7v7r-4vh7

github

около 4 лет назад

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.

EPSS

Процентиль: 50%

0.00264

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89