← back
CVE-2021-47956

EgavilanMedia PHPCRUD 1.0 SQL Injection via firstname

CVSS 8.8 HIGHEPSS 0.3%CWE-89
EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers can send POST requests to insert.php with malicious firstname values to extract sensitive database information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Egavilanmedia · EgavilanMedia PHPCRUD
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49878unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://egavilanmedia.comhttps://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/https://www.exploit-db.com/exploits/49878https://www.vulncheck.com/advisories/egavilanmedia-phpcrud-sql-injection-via-firstname