CVE-2021-41647
N/A
N/A
Summary
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
- https://github.com/MobiusBinary/CVE-2021-41647
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
References
- https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App
- https://github.com/MobiusBinary/CVE-2021-41647
- http://packetstormsecurity.com/files/164422/Online-Food-Ordering-Web-App-SQL-Injection.html
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41647
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.