Vulnerability Details CVE-2021-41647
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
- https://github.com/MobiusBinary/CVE-2021-41647
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
- https://github.com/MobiusBinary/CVE-2021-41647
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
Products affected by CVE-2021-41647
-
cpe:2.3:a:online_food_ordering_web_app_project:online_food_ordering_web_app:1.0