Description
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
Related CPE's
References
ExploitThird Party AdvisoryVDB Entry
https://github.com/Ni7inSharma/CVE-2021-41511
ExploitThird Party Advisory
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41511
Third Party Advisory
ExploitThird Party Advisory
https://www.exploit-db.com/exploits/50372
ExploitThird Party AdvisoryVDB Entry
https://www.nu11secur1ty.com/2021/10/cve-2021-41511.html
ExploitThird Party Advisory
ProductThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-04T13:15:08.010
3 years agoLast modified
2021-11-30T22:39:04.107
3 years ago