Vulnerability CVE-2021-40578


Published: 2021-12-07

Description:
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Online enrollment management system project -> Online enrollment management system 

 References:
https://medium.com/@J03KR/cve-2021-40578-127ceaf3f1bb
https://www.nu11secur1ty.com/2021/12/online-enrollment-management-system-sql.html
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System

Copyright 2024, cxsecurity.com

 

Back to Top