Description
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.
References
http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
https://github.com/MobiusBinary/CVE-2021-41647
https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
https://github.com/MobiusBinary/CVE-2021-41647
https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 · Critical
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-01T13:15:07.947Z
4 years agoLast modified
2024-11-21T05:26:34.390Z
1 year ago