Vulnerability Description
A SQL injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP, in event-management/views. An attacker can leverage this vulnerability to manipulate the SQL query that the application performs. As a result, the attacker can extract sensitive data from the web server and, in some cases, use the vulnerability to achieve remote code execution on the remote web server.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Online Event Booking And Reservation System Project | Online Event Booking And Reservation System | 2.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/TheHackingRabbi/CVE-2021-42667 (Exploit, Third Party Advisory)
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-42667 (Exploit, Third Party Advisory)
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-sy (Product, Third Party Advisory)
FAQ
What is CVE-2021-42667?
CVE-2021-42667 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate ...
How severe is CVE-2021-42667?
CVE-2021-42667 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42667?
Check the references section above for vendor advisories and patch information. Affected products include: Online Event Booking And Reservation System Project Online Event Booking And Reservation System.