Vulnerability Description
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgurukul | News Portal | 3.1 |
Related Weaknesses (CWE)
References
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808ExploitThird Party Advisory
- https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-InjectiThird Party AdvisoryVDB Entry
- https://www.nu11secur1ty.com/2021/12/cve-2021-37808.htmlExploitThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-37808ExploitThird Party Advisory
- https://packetstormsecurity.com/files/163575/News-Portal-Project-3.1-SQL-InjectiThird Party AdvisoryVDB Entry
- https://www.nu11secur1ty.com/2021/12/cve-2021-37808.htmlExploitThird Party Advisory
FAQ
What is CVE-2021-37808?
CVE-2021-37808 is a vulnerability with a CVSS score of 5.9 (MEDIUM). SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is a...
How severe is CVE-2021-37808?
CVE-2021-37808 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37808?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgurukul News Portal.