1. Home
  2. CVE Database
  3. CVE-2021-44599
HIGH · 7.5

CVE-2021-44599

The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function ...

Vulnerability Description

The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Online Enrollment Management System ProjectOnline Enrollment Management System1.0

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2021-44599?

CVE-2021-44599 is a vulnerability with a CVSS score of 7.5 (HIGH). The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function ...

How severe is CVE-2021-44599?

CVE-2021-44599 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44599?

Check the references section above for vendor advisories and patch information. Affected products include: Online Enrollment Management System Project Online Enrollment Management System.