Vulnerability Description
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Food Ordering Web App Project | Online Food Ordering Web App | 1.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-InjExploitThird Party Advisory
- https://github.com/MobiusBinary/CVE-2021-41647ExploitThird Party Advisory
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-AppProductThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647ExploitThird Party Advisory
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-InjExploitThird Party Advisory
- https://github.com/MobiusBinary/CVE-2021-41647ExploitThird Party Advisory
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-AppProductThird Party Advisory
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647ExploitThird Party Advisory
FAQ
What is CVE-2021-41647?
CVE-2021-41647 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter ...
How severe is CVE-2021-41647?
CVE-2021-41647 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-41647?
Check the references section above for vendor advisories and patch information. Affected products include: Online Food Ordering Web App Project Online Food Ordering Web App.