Vulnerability Details CVE-2021-47811
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 8.2
Products affected by CVE-2021-47811
- cpe:2.3:a:grocerycrud:grocery_crud:1.4
- cpe:2.3:a:grocerycrud:grocery_crud:1.4.1
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.0
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.1
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.2
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.3
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.4
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.5
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.6
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.7
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.8
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.8.1
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.89
- cpe:2.3:a:grocerycrud:grocery_crud:1.5.9
- cpe:2.3:a:grocerycrud:grocery_crud:1.6.0
- cpe:2.3:a:grocerycrud:grocery_crud:1.6.1
- cpe:2.3:a:grocerycrud:grocery_crud:1.6.2
- cpe:2.3:a:grocerycrud:grocery_crud:1.6.3
- cpe:2.3:a:grocerycrud:grocery_crud:1.6.4
- cpe:2.3:a:grocerycrud:grocery_crud:2.0.0