CVE-2021-41511

Description

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.

Related CPE's

alodging_reservation_management_system_projectlodging_reservation_management_system1.0*******

References

https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html

ProductThird Party Advisory

https://www.exploit-db.com/exploits/50372

ExploitThird Party AdvisoryVDB Entry

https://github.com/Ni7inSharma/CVE-2021-41511

ExploitThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41511

https://streamable.com/9fq8uw

http://packetstormsecurity.com/files/164366/Lodging-Reservation-Management-System-1.0-SQL-Injection.html

https://www.nu11secur1ty.com/2021/10/cve-2021-41511.html

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

7.5

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io