CVE-2021-41647 - Vulnerability Details - OpenCVE

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Online Food Ordering Web App Project	Online Food Ordering Web App

Configuration 1 [-]

cpe:2.3:a:online_food_ordering_web_app_project:online_food_ordering_web_app:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
https://github.com/MobiusBinary/CVE-2021-41647
https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-01T14:32:43

Updated: 2024-08-04T03:15:29.215Z

Reserved: 2021-09-27T00:00:00

Link: CVE-2021-41647

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-01T15:15:07.947

Modified: 2024-11-21T06:26:34.390

Link: CVE-2021-41647

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-07T13:18:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/MobiusBinary/CVE-2021-41647"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41647", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App", "refsource": "MISC", "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"}, {"name": "https://github.com/MobiusBinary/CVE-2021-41647", "refsource": "MISC", "url": "https://github.com/MobiusBinary/CVE-2021-41647"}, {"name": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"}, {"name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647", "refsource": "MISC", "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:15:29.215Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/MobiusBinary/CVE-2021-41647"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41647", "datePublished": "2021-10-01T14:32:43", "dateReserved": "2021-09-27T00:00:00", "dateUpdated": "2024-08-04T03:15:29.215Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:online_food_ordering_web_app_project:online_food_ordering_web_app:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C26E6C6-D598-4ABE-9707-9A94E9096A98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable \"username\" parameter in login.php and retrieve sensitive database information, as well as add an administrative user."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL ciega no autenticada basada en errores y en el tiempo en Kaushik Jadhav Online Food Ordering Web App versi\u00f3n 1.0. Un atacante puede explotar el par\u00e1metro vulnerable \"username\" en el archivo login.php y recuperar informaci\u00f3n confidencial de la base de datos, as\u00ed como a\u00f1adir un usuario administrativo"}], "id": "CVE-2021-41647", "lastModified": "2024-11-21T06:26:34.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-01T15:15:07.947", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/MobiusBinary/CVE-2021-41647"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/MobiusBinary/CVE-2021-41647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}