Description

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

Related CPE's

a

online_food_ordering_web_app_project

online_food_ordering_web_app

1.0

Vulnerable

References

http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html

ExploitThird Party Advisory

https://github.com/MobiusBinary/CVE-2021-41647

ExploitThird Party Advisory

https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App

ProductThird Party Advisory

https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.1 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-01T15:15:07.947

3 years ago

Last modified

2021-10-08T15:19:35.987

3 years ago