Vulnerability Description
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL injection. The username parameter is vulnerable to time-based SQL injection. After successfully dumping the admin password hash, an attacker can decrypt it and obtain the plain-text password, and can then authenticate as Administrator.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Covid Vaccination Scheduler System Project | Online Covid Vaccination Scheduler System | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164324/Covid-Vaccination-Scheduler-System-1 (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/50109 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-36621?
CVE-2021-36621 is a vulnerability with a CVSS score of 8.1 (HIGH). Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin passwor...
How severe is CVE-2021-36621?
CVE-2021-36621 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-36621?
Check the references section above for vendor advisories and patch information. Affected products include: Online Covid Vaccination Scheduler System Project Online Covid Vaccination Scheduler System.