CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-45253

The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CSMS-1.0
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CSMS-1.0

Products affected by CVE-2021-45253

Simple Cold Storage Management System Project » Simple Cold Storage Managment System » Version: 1.0

cpe:2.3:a:simple_cold_storage_management_system_project:simple_cold_storage_managment_system:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-45253

Products

Pricing

Contact Us