CVE-2021-40578

December 13, 2021

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

Summary:

Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.

Reference Links(if available):

  • https://medium.com/@J03KR/cve-2021-40578-127ceaf3f1bb
  • https://www.nu11secur1ty.com/2021/12/online-enrollment-management-system-sql.html
  • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/Online-Enrollment-Management-System

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    Sliver C2

    Sliver C2 Detected – 146[.]70[.]54[.]90:31337

    May 5, 2024
    Sliver C2

    Sliver C2 Detected – 35[.]224[.]239[.]139:31337

    May 5, 2024
    Sliver C2

    Sliver C2 Detected – 192[.]253[.]234[.]80:31337

    May 5, 2024
    gophish

    GoPhish Login Page Detected – 18[.]220[.]93[.]76:443

    May 5, 2024
    gophish

    GoPhish Login Page Detected – 46[.]30[.]78[.]13:443

    May 5, 2024