exploitDog

CVE-2021-47811

Опубликовано: 16 янв. 2026

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.

Ссылки

https://www.exploit-db.com/exploits/49985
Exploit
https://www.grocerycrud.com/
Product
https://www.grocerycrud.com/downloads
Product
https://www.vulncheck.com/advisories/grocery-crud-orderby-sql-injection
Third Party Advisory
https://www.exploit-db.com/exploits/49985
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:grocerycrud:grocery_crud:*:*:*:*:*:*:*:*

Версия до 2.0.1 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-93r3-3845-hqh2

CVSS3: 8.2

github

23 дня назад

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.

EPSS

Процентиль: 14%

0.00045

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-89