← voltar
CVE-2021-47846

Digital Crime Report Management System 1.0 - SQL Injection

CVSS 8.8 HIGHEPSS 0.4%CWE-89
Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
I Want Source Codes · Digital Crime Report Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/https://www.exploit-db.com/exploits/49761https://www.vulncheck.com/advisories/digital-crime-report-management-system-sql-injection