CVE-2021-44321 — MEDIUM (5.0)

Vulnerability Description

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mini-Inventory-And-Sales-Management-System Project	Mini-Inventory-And-Sales-Management-System	1.0

Related Weaknesses (CWE)

CWE-352

References

https://1410inc.xyz/mini-inventory-and-sales-management-system/Permissions RequiredVendor Advisory
https://huntr.dev/bounties/1d84931c-ee10-4944-9764-d96612cdbc71/ExploitThird Party Advisory
https://1410inc.xyz/mini-inventory-and-sales-management-system/Permissions RequiredVendor Advisory
https://huntr.dev/bounties/1d84931c-ee10-4944-9764-d96612cdbc71/ExploitThird Party Advisory

FAQ

What is CVE-2021-44321?

CVE-2021-44321 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the applicatio...

How severe is CVE-2021-44321?

CVE-2021-44321 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44321?

Check the references section above for vendor advisories and patch information. Affected products include: Mini-Inventory-And-Sales-Management-System Project Mini-Inventory-And-Sales-Management-System.