CRITICAL · 9.8

CVE-2021-42169


Vulnerability Description

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to remote SQL injection that bypasses authentication for the admin account. The username parameter of the login form is not properly protected: malicious payloads are neither sanitized nor escaped.
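The class of flaw described above, shown beside its fix. This is an added example, not the project's code: the table layout, the column names, both function names and the shape of the weak query are assumptions, since the page does not show the application's source.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed sample account, held in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, legacy_md5 TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute([
    'admin',
    md5('constructed-admin-password'),
    password_hash('constructed-admin-password', PASSWORD_DEFAULT),
]);

// Weak pattern (assumed): the username is spliced into the SQL text, so quote
// characters in it change the structure of the statement.
function login_concatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'"
         . " AND legacy_md5 = '" . md5($password) . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username travels as a bound parameter and is only ever
// compared as data; the password is checked in PHP against a salted hash.
function login_bound(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed regression inputs: a valid login, a wrong password, and a
// username carrying SQL metacharacters together with a wrong password.
$cases = [
    ['admin', 'constructed-admin-password'],
    ['admin', 'wrong-password'],
    ["admin' --", 'wrong-password'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-10s concatenated=%-5s bound=%s\n", $user,
        var_export(login_concatenated($db, $user, $pass), true),
        var_export(login_bound($db, $user, $pass), true));
}
```

The third case is the one to keep as a regression test: the concatenated query accepts it, and the bound query must reject it.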

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor: Simple Payroll System With Dynamic Tax Bracket Project
Product: Simple Payroll System With Dynamic Tax Bracket
Versions: 1.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-42169?

CVE-2021-42169 is a vulnerability with a CVSS score of 9.8 (CRITICAL).

How severe is CVE-2021-42169?

CVE-2021-42169 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-42169?

Check the references section above for vendor advisories and patch information. Affected products include: Simple Payroll System With Dynamic Tax Bracket Project Simple Payroll System With Dynamic Tax Bracket.