CVE-2021-47846
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| I Want Source Codes | Digital Crime Report Management System | 1.0 | affected |
Weaknesses
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/49761
- https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/
- https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2
- https://www.vulncheck.com/advisories/digital-crime-report-management-system-sql-injection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.