Vulnerability Details CVE-2021-42667
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.724
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/TheHackingRabbi/CVE-2021-42667
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
- https://github.com/TheHackingRabbi/CVE-2021-42667
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
Products affected by CVE-2021-42667
-
Online Event Booking And Reservation System Project » Online Event Booking And Reservation System » Version: 2.3.0cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:2.3.0