Vulnerability Details CVE-2021-45255
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-45255
-
cpe:2.3:a:video_sharing_website_project:video_sharing_website:1.0